Well, if you’re reading this, you’ve apparently survived the Conficker Disaster of 2009. Congratulations!

Actually, the Conficker worm, which has been quietly distributing itself across Windows PCs since 2008, was supposed to start phoning home Wednesday. Reports are conflicted whether or not anything has actually happened yet. Most experts agree that it could be a few days until the effects of the virus are known, though predictions run the gamut from a simple botnet that will send more spam or commit DDoS attacks to more sinister actions like stealing credit card information.

While the whole Conficker situation could be a very elaborate but harmless April Fool’s joke, the fact that everyone is so worked up into a frenzy over it shows that computer viruses are still as much of a threat in the ever-connected, ever-computerized world we live in now as they have been.

Last week marked ten years since the first “malware” virus, the Melissa virus, first started wrecking havoc on users’ computers and overloading email systems. While viruses that hijack email clients and propagate by mailing copies of themselves to everyone in address book are largely extinct now, the Melissa virus was a real problem in 1999.

Dmitry Gryaznov, a member of the original McAfee team who discovered and tracked down the Melissa virus, points out that “Ten years ago, malware writers were interested in creating a name for themselves. It’s a vastly different picture today. Cybercriminals are financially-driven; they’re eager to steal personal information and cash-in on the cyber attacks.” It’s true that most viruses in the past were about being flashy, like by deleting important system files. Most viruses today are Trojan programs that watch your computer in the background to steal credit card information and passwords that could lead to identity theft.

It’s important to point out that running a decent virus scanner or just installing the patches that Windows pushes out over Windows Update would have prevented this whole situation from ever happening. Of course, if you’re on a blog like this one, you probably already knew this-or you just run OS X. And if you haven’t, go scan your system-NOW. There are lots of free (http://free.avg.com/) and open source (http://www.clamwin.com/) tools available, so there are no excuses.

Research from security firm McAfee shows that some celebrities are just dangerous to Google and search for around the web because of the litany of fake websites out there that try to infect your computer with viruses and malicious code as you innocently seek out wallpaper and screensavers of your favs.

Brad Pitt leads the pack on a list that includes Jessica Alba and‚ Katherine Heigl.

“Fans searching for “Brad Pitt,” “Brad Pitt downloads,” and Brad Pitt wallpaper, screen savers and pictures have an 18% chance of having their PCs infected with online threats, such as spyware, spam, phishing, adware, viruses and other malware,” McAfee said. “Cybercriminals are using A-listers’ names and images, like Beyoncƒ© and Justin Timberlake, to lure Internet users who surf the Web for the latest gossip, screen savers and ringtones to “fake” Web sites that look legitimate.”

The list includes:

1. Brad Pitt – When “Brad Pitt screensavers” was searched, more than half of the resulting Web sites were identified as containing malicious downloads with spyware, adware and potential viruses.

2. Beyoncƒ© – Inputting “Beyoncƒ© ringtones” into a search engine yields risky Web sites that promote misleading offers to gather consumers’ personal information.

3. Justin Timberlake – Interest in his high-profile relationships makes him an easy target for spammers and hackers. When searching for “Justin Timberlake downloads” one Web site advertised free music downloads that were flagged as directly leading to spam, spyware and adware.

4. Heidi Montag – “The Hills” star is a popular search term when it comes to searching for wallpaper. A host of wallpaper Web sites contained hundreds of malware-laden downloads.

5. Mariah Carey – Spammers and hackers are using Mariah Carey screen saver Web sites to link to other sites proven to contain spyware, adware and other threatening downloads.

6. Jessica Alba – Red-ranked risky sites were identified when searching for “Jessica Alba” and “Jessica Alba downloads.” The sites contained hundreds of malicious downloads, links to other bad sites, misleading offers to gather information, and a high number of spam emails when an email address was provided.

7. Lindsay Lohan – This young Hollywood starlet is as dangerous to search online as she is famous. Searching for “Lindsay Lohan downloads” resulted in several dangerous Web sites laden with hidden adware.

8. Cameron Diaz – Cybercriminals use download Web sites related to Cameron Diaz’s image to link to other harmful sites containing spyware.

9. George Clooney, Rihanna – The technology found one Web site embedded with hundreds of dangerous wallpaper and photo downloads after inputting “George Clooney downloads.” “Rihanna pictures” was also a risky search term, as McAfee identified a site that spammed its test email address.

11. Angelina Jolie – When “Angelina Jolie downloads” was searched, the software highlighted a risky site with 978 hidden malware-infected wallpaper and photo downloads, as well as links to other potentially dangerous URLs.

12. Fergie – A Fergie screen saver site was flagged as offering 111 risky downloads that could seriously compromise a PC’s privacy with unwanted spyware and adware.

13. David Beckham, Katie Holmes – The “David Beckham” search term generated a great deal of wallpaper and screen saver downloads veiled with malware. Consumers should also exercise caution when searching for “Katie Holmes” online – one download site advertised free screen savers that, if downloaded, would infect your computer with malicious programs like spyware.

15. Katherine Heigl – Hollywood’s big headliner in recent years is now susceptible to Internet lurkers too. “Katherine Heigl” was searched and a site was identified containing hundreds of malware-infected pictures.

‚ ”Cybercriminals employ numerous methods, yet one of the simplest but most effective ways is to trick consumers into infecting themselves by capitalizing on Americans’ interest in celebrity gossip,” said Jeff Green, senior vice president of McAfee’s Product Development and Avert Labs. “Tapping into current events, pop culture or commonly browsed sites is an easy way to achieve this. And because of Americans’ obsession with following celebrities’ lifestyles, they are an obvious target. We have to take precautions in casually navigating the Web since many subtle sites may be rife with malware for consumers’ computers.”

The list was compiled using McAfee SiteAdvisor, which can be downloaded for free at‚ www.mcafee.com/siteadvisor.

McAfee Avert Labs reported Tuesday the most significant malware outbreak in three years with more than 500,000 detections of a Trojan horse they’re calling “Downloader-UA.h,” which is spreading by masquerading as a media file.

“The malicious MP3 music or MPEG video files have appeared on popular file-sharing services such as Limewire and eDonkey,” Avert Labs said in a statement.

McAfee has rated “Downloader-UA.h” as a “medium” risk threat. It is the first malware to receive that risk rating since 2005. It is the most dangerous threat to mask itself as a multimedia file ever recorded.

“This is one of the most prevalent pieces of malware in the last three years,” said Craig Schmugar, threat researcher at McAfee Avert Labs. “We have never before had a threat this significant that arrives as a media file.”

The last time McAfee went to “medium” on a computer threat was W32/Sober from November 2005. Sober was a virus that proliferated massively through email.

The malicious files are all named differently in multiple languages and vary in size to make them appear like legitimate music or video files, McAfee said. Attempting to play one of the malicious files will trigger a program called “PLAY_MP3.exe” to download, launch, and force advertisements to appear on the infected computer.

Some of the sample names used by the malicious media files include “preview-t-3545425-adult.mpg” ; “preview-t-3545425-changing times earth wind .mp3″ ; “preview-t-3545425-girls aloud st trinnians.mp3″ ; “preview-t-3545425-jij bent zo jeroen van den.mp3″ ; “t-3545425-lion king portugues.mpg” and “t-3545425-los padres de ella.mpg”

If you need a another reason to get rid of Limewire and other filesharing apps, you might not get a better one.

McAfee Avert Labs announced Friday a Trojan horse attack disguised as a Microsoft update on a particular MySpace profile.

Attackers send friend requests to the victim MySpace users. Clicking on the person’s picture or name link loads a profile page with what looks like a legitimate Windows Automatic Updates pop-up box. When the user clicks the pop-up, it results in a request for a file download masked as a Microsoft update called “updateKB890830.exe” from a server that includes “winxpupdate.Microsoft” in its name.”

“The file in actuality is a true malware cocktail,” McAfee said. “If installed and run it downloads programs from multiple servers that in turn download more malware in addition to Trojans, and a remote control tool.”

Initially, McAfee thought the download files look to be from China, but its Avert Labs determined the origin of the IP address belonging to an ISP in Malaysia and further downloads directed from the Ukraine.

The malicious MySpace profile is still live, McAfee said late Friday. MySpace and Microsoft have both been notified. Users should beware of friend requests from people they don’t know and be cautious when surfing MySpace profiles.

What appeared to be a legitimate iPhone application, “iPhone firmware 1.1.3 prep,” turned out to be a piece of malicious software intended to ruin functionality on affected phones.

The programmer of this dangerous piece of code was an eleven-year-old boy.

Using the installer.app feature on the iPhone, users can access the diverse world of third-party applications. The malware in question passed itself off an update at www.jmwiki.com for applications including Erica’s Utilities, OpenSSH, Launcher and Doom. After downloading and installing the file via the iPhone’s installer.app, the malware displayed the word, “shoes” and proceeded to remove files critical to iPhone functionality.

Though by malware standards the virus was fairly tame, McAfee Avert Labs blogger Jimmy Shah noted that the piece of software highlights an important security concern with iPhone, one that depends entirely on the vigilance of well-informed users.

McAfee recommends users only acquire software only from trusted sources and install only official firmware updates.

After the child’s ISP was informed of the problem, his father was contacted and the site hosting the malicious application was taken down.

Almost 400,000 members of Google’s social networking site, Orkut, were victimized by a new spam worm spreading around the site, said McAfee’s Avert Labs.

“While the worm doesn’t appear to harm users’ PCs, it does impact their profile and spread from friend to friend,” said McAfee. “This virus will add the user to a community called “Infectados pelo Virus Orkut” (“Infected by the Orkut Virus”) and starts to send messages to the friends of the infected user. Avert Labs believes Google is working to fight the worm.”

This raises concerns on how to keep the growing number of Web 2.0 sites safe and secure. MySpace and Facebook have faced similar issues recently, and everyone remembers the series of AIM Profile viruses and malicious code.

“I analyzed some suspicious scrap ’2008 vem ai… que ele comece mto bem para vc’ from a bunch of friends on Orkut,” wrote McAfee’s Vinay Mahadik. “For a while it was all over Orkut!! Translated to English, it reads ’2008 is coming…I wish that it begins quite well for you.’”

The worm is spreading through Orkut’s recently introduced tool that allows users to write messages that contain HTML code. The ability to add Flash/Javascript content to Orkut scraps was only recently introduced.

Click here for the full Avert Labs blog post.

The form has been named W32/KutWormer by McAfee.

Malicious coders and hackers are constantly finding new ways to circumvent security precautions, and this isn’t likely to change in 2007. While a solid anti-virus program is a good bet, the best way to avoid costly mistakes is to stay tapped into the latest developments in the fast changing computer world, said David Marcus, Senior Research and Communications Manager for McAfee Avert Labs.

Researchers like Marcus, who keep a finger on the pulse of the malware underground, formulate yearly virus trend predictions, with the intent of helping users stay on the up and up. One of the biggest trends Marcus has pinpointed for 2007 is an increase in “zero day” attacks.

A zero day attack, as it’s known in the computer security industry, is an assault on an application possessing a previously unknown vulnerability, which is in turn revealed to the general population before being taken to the application’s vendor.

A good way to think of a zero day day attack is to picture a row of pristine houses with neat little gadgets such as electric garage door openers. If the houses are computers and the garage door openers are the applications, you’re a guy walking down the street with a universal remote who just found out that if you push the power button, some defect in all the garage door openers lets you open every garage on the street due to an unforeseen glitch.

In the computer world, the different terms, ‘vulnerability,’ ‘exploit,’ and ‘virus,’ can get confusing. The difference between each is fairly simple.

Think of a vulnerability as a back door into an application. For example, if there’s an extremely popular music playing program that’s used by a large number of people, but it has a chunk of code that is poorly constructed, it might provide a loophole for the criminally minded. This is a vulnerability.

If the vulnerability is found and brought to the attention of the vendor who created the application, and it is subsequently fixed, the problem never progresses beyond this stage.

However, the internet is no utopia and the business world doesn’t always turn on a dime.

If the vulnerability is never brought to the attention of the application builders, or the builders fail to provide an update fast enough, a malicious programmer can string together a code sequence that allows him to take advantage the loophole. That code sequence, harmless on its own, is known as an exploit.

The final step, the actual virus, is a tightly wrapped program—not much different than a calculator or game program—that delivers the exploit code payload to your computer by attaching itself to the vulnerable application, which allows the coder behind the virus to take advantage of your system in various ways.

Problems for computer security experts can be compounded when malicious programmers start sharing exploit code strings and collaborate on building the actual virus program, a trend that has seen explosive growth in the last few years.

"On the bad guys side of the house, they do certain things very efficiently," said Marcus. "They communicate very effectively. They used to write things for bragging rights, now they’re more apt to collaborate."

In the new year, he expects to see this kind of collaboration grow, which poses difficulties for computer security experts due to the power of numbers. The more people working to perfect a program—malicious or friendly—the stronger the program gets.

A recent vulnerability exposed in the Apple’s QuickTime program illustrates exactly how this concept—from vulnerability to exploit to virus—works. The end product, the new QuickTime virus, represents a hybrid virus style that could take off in 2007.

"The advantage the malware writer has is they can always look for the new vector and always test against antivirus programs," said Marcus. "The Symantecs and the McAfees can’t do that."

In a nutshell, the QuickTime virus is unique because it works on both Windows and Macintosh platforms. Generally a virus attacks one or the other due to fundamental differences between Windows and Macintosh operating systems, with an overwhelming majority targeted at Windows due to its reputation for leaky code, easy exploitability, and overwhelming market dominance.

Though Apple has an industry reputation for being a low-virus system, the QuickTime virus can take advantage of a Macintosh as easily as it does Windows. That dual capability set off alarm bells in December 2006 and on into 2007, said Marcus.

With the new Intel chips in Apple computers, allowing Macintosh operating systems to run Windows applications at native speeds, this kind of dual operability virus could see cross platform growth as well in the new year.

As 2007 marches on there’s no hard and fast rule for avoiding viruses, said Marcus. The biggest problem will continue to be the zero day vulnerabilities, and a mushrooming cloud of spam is expected to reach epidemic proportions in 2007 according to a wide range of experts, which may very well pose additional difficulties to all who love, or loathe, the Internet.