Dubbed GhostNet, the operation is notable. Not only can it phish for information, it has remote access capabilities that can quickly and easily turn any computer into a giant listening device.

While researchers believe the operation is based in China, they are quick to point out that this does not necessarily mean the Chinese government was involved. "This could well be the C.I.A. or the Russians. It's a murky realm that we're lifting the lid on," Ronald Deibert, an associate professor of political science at Munk told The New York Times.

The researchers' findings, Tracking GhostNet: Investigating a Cyber Espionage Network, are due to be released this weekend on the Information Warfare Monitor Web site.

While some news outlets are causing panic with their fear mongering, others are downplaying the upcoming event, and the net effect of course is FUD. But according to security experts, the bottom line is if you're not infected now, you don't have anything to fear come April Fools Day. If you're interested in knowing more about Conficker and how to search for and destroy it, take a look at the seven resources below.

The Last Watchdog has compiled a simple timeline to show the evolution of Conficker that begins with Chinese hackers selling a $37 malware kit in September 2008 designed to exploit a security hole in Windows, and ends with what infected PCs will do come April 1 2009.

Conficker C Analysis

The computer science laboratory at SRI International, sponsored by the National Science Foundation and the U.S. Army Research Office, has released a detailed analysis of Conficker C.

Ensure you've got the latest Microsoft patch

Microsoft recommends you manually download the Windows Malicious Software Removal Tool. Note: This is not a replacement for anti-virus software, rather an additional defense.

Disable Autorun

PC World suggests disabling Autorun so that your machine won't be automatically infected when you connect to infected removable media. A how-to can be found here. Note: This involves changing the registry file on Windows and should only be done by those confident in their abilities.

Search for and destroy Conficker with F-Secure

F-Secure has a free and easy-to-use tool to check for and remove worms; including the dreaded Conficker.

Use McAfee's Stinger which will update daily in preparation for April 1

McAfee has created a special build of its standalone cleaning tool Stinger which it will be updating daily to include any new Conficker variants.

No Download: Scan on the Web

Create a free account (registration required) with Panda Security's ActiveScan to perform an online scan of your machine.

Image Credit: Flickr: Jean et Melo

1. Lack of control over activity streams

According to the paper, there are two primary ways in which lack of control over activity streams may compromise our privacy; the lack of control we have over events going into our activity streams (examples given are Facebook Beacon and coComment), and the lack of control we have when it comes to who can see our activity stream as is possible with Google Reader.

2. Unwelcome linkage

The authors define unwelcome linkage as occurring when links on the Internet reveal information about you that you had not intended to reveal, for instance trackbacks and accidental linkage.

3. De-anonymization through merging of social graphs

Given social networking sites extract a fair amount of personally identifiable information; the authors suggest it may be possible to uncover personal information by comparing data across social networking sites. In fact, this method of merging social graphs has already been used when researchers identified Netflix users by combining Netflix data with data from IMDb (PDF).

The Google paper suggests various solutions:

• Applications should be explicit about which user activities automatically generate events for their activity stream
• Users should be given control over which events make it into their activity stream and be able to remove events from the stream after they have been added by an application
• Users should be explicitly told who the audience is for their activity stream; users should also have control over who the audience is for their activity stream
• Application developers should build their applications such that the creation of activity stream events is more likely to be in sync with user expectation

The paper also proposes the building of tools that describe what information is available about you on the Internet; a warning system of sorts that includes an automatic link discovery tool which will quickly show you whether there is any privacy risks involved, so you can be better informed before creating new content.

As reported in New Scientist the Google paper, (Under)mining privacy in social networks (PDF), will be presented at the Web 2.0 Security and Privacy 2009 workshop in May.

Image credit: Darwin Bell