

Trojan lurks, waiting to steal admin passwords


Writers of a password-stealing Trojan horse program have found that a little patience can lead to a lot of infections.

They have managed to infect hundreds of thousands of computers -- including more than 14,000 within one unnamed global hotel chain -- by waiting for system administrators to log onto infected PCs and then using a Microsoft administration tool to spread their malicious software throughout the network.

The criminals behind the Coreflood Trojan are using the software to steal banking and brokerage account usernames and passwords. They've amassed a 50GB database of this information from the machines they've infected, according to Joe Stewart, director of malware research with security vendor SecureWorks.

"They've been able to spread throughout entire enterprises," he said. "That's something you rarely see these days."

Since Microsoft shipped its Windows XP Service Pack 2 software with its locked-down security features, hackers have had a hard time finding ways to spread malicious software throughout corporate networks. Widespread worm or virus outbreaks soon dropped off after the software's August 2004 release.

But the Coreflood hackers have been successful, thanks in part to a Microsoft program called PsExec, which was written to help system administrators run legitimate software on computers across their networks.

For a widespread infection, attackers must first compromise a system on the network by tricking the user into downloading their program. Then, when a system administrator logs onto that desktop machine -- to perform routine maintenance, for example -- the malicious software tries to run PsExec and install malware on all other systems on the network.

Often the technique succeeds.
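The spreading pattern described above (an administrator's interactive logon on a compromised workstation, followed by PsExec-style service installs fanning out to many other hosts) can be spotted from host logs. The following detection logic is an added example, not code from the article, SecureWorks or Microsoft; the simplified log format, hostnames and account name are constructed assumptions, and the only real-world details it relies on are that PsExec installs a service named PSEXESVC on the target and that Windows records service installs as event 7045 and logons as event 4624.

```python
# Flags source hosts that push the PsExec service (PSEXESVC) to many targets
# shortly after an interactive (logon_type=2) logon on that source.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified log lines: "<time> <host> <event_id> key=value ...".
# 4624/logon_type=2: interactive logon. 4624/logon_type=3: network logon on the
# target, with the originating workstation in src=. 7045: service installed.
SAMPLE_LOG = """\
2008-06-25T09:00:01 WS17 4624 user=helpdesk-admin logon_type=2
2008-06-25T09:03:10 WS22 4624 user=helpdesk-admin logon_type=3 src=WS17
2008-06-25T09:03:12 WS22 7045 service=PSEXESVC
2008-06-25T09:03:14 WS23 4624 user=helpdesk-admin logon_type=3 src=WS17
2008-06-25T09:03:15 WS23 7045 service=PSEXESVC
2008-06-25T09:03:17 WS24 4624 user=helpdesk-admin logon_type=3 src=WS17
2008-06-25T09:03:18 WS24 7045 service=PSEXESVC
2008-06-25T13:00:00 ADMIN01 4624 user=helpdesk-admin logon_type=2
2008-06-25T13:05:00 SRV09 4624 user=helpdesk-admin logon_type=3 src=ADMIN01
2008-06-25T13:05:01 SRV09 7045 service=PSEXESVC
"""

def parse(text):
    """Turn the constructed log text into (time, host, event_id, fields)."""
    events = []
    for line in text.splitlines():
        ts, host, eid, *kv = line.split()
        fields = dict(p.split("=", 1) for p in kv)
        events.append((datetime.fromisoformat(ts), host, int(eid), fields))
    return events

def find_fanout(events, window=timedelta(minutes=15), min_targets=3,
                install_lag=timedelta(minutes=1)):
    """Return {source_host: sorted target hosts} for every source that had the
    PSEXESVC service installed on at least min_targets hosts within `window`
    of an interactive logon on that source."""
    interactive = defaultdict(list)   # host -> times of interactive logons
    last_net_logon = {}               # target host -> (time, source host)
    installs = defaultdict(set)       # (source, logon time) -> target hosts
    for ts, host, eid, f in events:
        if eid == 4624 and f.get("logon_type") == "2":
            interactive[host].append(ts)
        elif eid == 4624 and f.get("logon_type") == "3" and "src" in f:
            last_net_logon[host] = (ts, f["src"])
        elif eid == 7045 and f.get("service") == "PSEXESVC" and host in last_net_logon:
            net_ts, src = last_net_logon[host]
            if ts - net_ts > install_lag:
                continue  # service install not tied to that network logon
            # attribute the install to any recent interactive logon on src
            for logon_ts in interactive.get(src, []):
                if logon_ts <= ts <= logon_ts + window:
                    installs[(src, logon_ts)].add(host)
    return {src: sorted(t) for (src, _), t in installs.items() if len(t) >= min_targets}

if __name__ == "__main__":
    print(find_fanout(parse(SAMPLE_LOG)))  # WS17 pushed PsExec to three hosts
```

The threshold has to be tuned per environment: a designated jump host such as ADMIN01 in the sample legitimately fans out, so the check is most useful on ordinary workstations where an admin's logon should not be followed by any remote service installs at all.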

Over the past 16 months, Coreflood's authors have infected more than 378,000 computers. SecureWorks has counted thousands of infections in university networks and has found financial companies, hospitals, law firms, and even a U.S. state police agency that have had hundreds of infections. "It's kind of insane how often they are getting on hundreds or thousands of computers at a single company," Stewart said. "They've probably stolen far more accounts than they can use."

The SANS Internet Storm Center reported one of the infections, which affected 600 machines on a 3,000 PC network, on June 25.

Malicious programs have used PsExec for more than five years, said the software's creator, Mark Russinovich, a Microsoft technical fellow. However, this is the first time he had heard of it being used in this fashion. "PsExec doesn't expose anything that a malware author can't code themselves or even accomplish with alternate mechanisms," he said in an e-mail interview. "Once you have credentials that give you local admin rights via remote access, you own that system."

Coreflood, which is also known as the AFcore Trojan, has been around for about six years. It has been used in the past for such things as launching denial-of-service attacks, but not to steal passwords, Stewart said.

Wed Jul 02, 2008





Rss - Latest News

Top 10: Economic woes, AMD splits, Microsoft developments

Not all of this week's news involved global financial turmoil: while IT budgets are being cut and AMD is breaking itself up, a security tool was released for Firefox that prevents "clickjacking" and Microsoft said that Windows 7 will fix issues in Vista's user account control feature.

1. Economic malaise hits IT industry : Disappointing earnings from some IT companies, fewer initial public offerings, lowered earnings forecasts -- all are part of the grim global economic outlook. On the bright side, though, IBM reported this week that its net income rose 20 percent in its third quarter and maintained its profits will be strong for the full fiscal year.


2. AMD to spin off chip fabs to raise funds : Advanced Micro Devices is splitting into two companies, with one designing chips and the other making them. The company also said that two investment funds owned by the Abu Dhabi government will provide capital to AMD and help it compete better with Intel. The news was hailed by analysts, investors, customers and employees as a way to strengthen AMD, particularly in the harsh economic climate.


3. Firefox extension blocks dangerous Web attack : An update of a free security tool for Firefox blocks "clickjacking," one of the most dangerous and vexing problems on the Internet. Clickjacking happens when a Web user clicks on an invisible, malicious link without knowing it. The tool, called NoScript, now includes ClearClick, which can tell if a Web page contains a hidden, embedded element. Users of NoScript who click on such links will be asked if they really want to do that.

4. Microsoft to improve Vista's problematic UAC in Windows 7 : Microsoft is tweaking the user account control feature in its Windows client OS and admits that what was meant to be a security feature in Vista has been a hassle for users. The idea behind UAC in Vista is to give primary PC users more control of applications and settings, but it hasn't quite worked out that way. "What we've learned is that we only got part of the way there in Vista and some folks think we accomplished the opposite," said a blog post attributed to Ben Fathi, Microsoft corporate vice president of development in the Windows Core Operating System Division.

5. Microsoft elaborates on Oslo : Microsoft shed some more light on its Oslo vision for model-based software development this week, detailing the "M" declarative modeling language and the Domain Specific Languages concept that are integral to the overall Oslo package. The company also offered reassurances to developers that their role is not being minimized by this raising of the level of abstraction.

6. Apple to hold special notebook event on Oct. 14 : Apple sent out an invitation to reporters to attend an event next Tuesday, saying that "the spotlight turns to notebooks." We assume this means that new Macbooks will be out in time for the all-important holiday shopping season.

7. For a promising IT career, go east, young techie : The IT job market had tightened up even before global financial turmoil gave us all a whack, but opportunities are more plentiful in China, India and Russia, according to analysis of growth trends. Working in such countries also can be good for the old resume. "IT is going global. The IT profession is going global. Developing product for markets all over the world is something you have to learn how to do. Overseas work is a huge enhancer for IT professionals," said Rob McGovern, CEO of JobFox, an international IT employment agency.

8. Mono 2.0 lets .Net apps run on Linux: Considered a major upgrade, the open-source Mono 2.0 runtime leverages Microsoft's .Net Framework 2.0 programming model, letting developers build desktop and server applications using Microsoft-based environments and deploy them across multiple platforms, including Windows, Linux, and Mac OSX. By bringing apps beyond Windows, Mono will help developers reach a larger audience.

9. 11 Microsoft security updates due next week : There will be no rest for weary systems administrators next week -- Microsoft expects to roll out 11 security updates, with four of them rated critical. The monthly patchathon will apply to bugs in Windows Active Directory, Internet Explorer, Excel and the Microsoft Host Integration Server. Besides the critical patches, six others will be rated important and one will be moderate.

10. NASA: Messenger sends back never-before-seen Mercury images : NASA's Messenger spacecraft transmitted images of Mercury to scientists this week, providing them with data about parts of that planet that have never been seen before. The Mariner 10 mission in the 1970s identified the Kuiper crater on Mercury, the planet nearest the sun, and an image of the crater was among the first to be relayed to NASA. Messenger took hundreds of photos of Mercury as it got within 125 miles (201 kilometers) of the planet's surface.


Forrester: Discontent persists over SAP maintenance hike

A new Forrester Research study that polled more than 200 SAP customers found widespread discontent over the vendor's recent decision to shift customers to a pricier Enterprise Support offering, and also provides tips on how customers can mitigate the increased cost.

SAP announced in July that Enterprise Support would replace its basic and premium support options. Enterprise Support costs 22 percent of a customer's license fees, compared to 17 percent for basic support. The additional costs will be phased in over the next few years, and new charges won't begin until Jan. 1.


But Forrester clients voiced a number of common gripes.

Eighty-five percent of the clients interviewed described minimal utilization of the Basic Support offering. "The average customer claims to connect with SAP fewer than six times a year -- the equivalent of buying a comprehensive but expensive insurance policy and rarely utilizing it," the report states.

Customers also complained to Forrester about the time it takes SAP to meet requests for new features.

"Customers believe that the maintenance dollars paid to SAP should go to filling in key functionality gaps in the software. However, there are a plethora of examples where key functionality requested two to four years ago by multiple customers in the same or different industries were not delivered in SAP R/3 4.7, let alone available in SAP ERP 6.0," the report states.

Clients "want to know how much of their support dollars really go back into reinvestment versus profit margins," it adds.

SAP has cited a number of reasons for its decision, such as greater complexity in customer environments, and argues that Enterprise Support provides a higher level of benefits for customers -- points the Forrester report does not dispute.

To mitigate the increased cost of maintenance, customers should seek steeper discounts on licensing deals, according to Forrester.

Another tactic would be to create a long-term "SAP containment strategy," which could include taking a look at other vendors. "Many SAP clients with whom we spoke have begun the process of evaluating Oracle Siebel, Salesforce.com and others for customer relationship management as well as Siperian, Initiate Systems and IBM for master data management."

Customers also should consider third-party options for support. While one company, Rimini Street, has announced plans to provide such support, it has not yet begun doing so, and even when it does will focus on only SAP's R/3 products.

The Forrester report's results stand in contrast to SAP's past contention that while customers may not like to pay more money, they understand the value of the new service.

An SAP spokesman was given a copy of the report on Friday, but did not immediately provide comment on its findings.


Lifted iPhone NDA opens the door for conferences, books

The collective sigh of relief when Apple lifted the iPhone NDA, which had prevented developers from discussing iPhone programming, came not just from developers, but also from educators, authors, and publishers. With the NDA gone, iPhone-related books can be published, and conferences can be much more detailed, leading to better education.

Publishers and authors who had books written were forced to shelve them because publishing the material would have broken the guidelines of the NDA. However, with the NDA removed, users can expect to see an abundance of information hitting the market, targeting everyone from developers to end-users.


"It was huge having the NDA lifted," said Bill Dudney, trainer and co-author of the upcoming book "iPhone SDK Development" (Pragmatic Bookshelf, 2008).

Like many other authors, Dudney had a book written about the iPhone, but couldn't publish the book without breaking the NDA. Now, Dudney -- along with countless others -- can bring his product to market. (A quick search for iPhone books on Amazon.com shows a number of titles available for pre-order.)

An abundance of books on the market isn't the only benefit we can expect to see. Conferences will now feature better sessions because speakers and trainers will be able to speak freely about what it takes to make a good iPhone application.

iPhoneDevCamp organizer and co-chair of O'Reilly's iPhoneLive conference, Raven Zachary said he is excited about what this means for future conferences. Zachary said they have tentatively added an introduction to iPhone development session at the upcoming conference, which is something they couldn't have done before Apple lifted the NDA.

In previous conferences, speakers would have to talk about Mac development tools and try to relate them to the iPhone, without speaking about the iPhone -- a tough task.

The NDA stifled growth in the development community simply because new developers had a limited amount of resources to seek help. Now, Dudney said, trainers can speak freely and actually help attendees with questions they have about developing for the iPhone. With new developers come new applications and innovation, which only helps the platform.

Perhaps not coincidentally, a week after lifting the NDA, Apple announced the iPhone Tech Talk World Tour, a series of free tech talks about the iPhone for developers. Topics include an introduction to Objective-C and Cocoa Touch, how to integrate the iPhone into an IT environment, submitting your app to the App Store, and iPhone game development.

The end result for iPhone users should be a better choice of applications as developers continue to push the envelope of innovation.


MSI launches Wind U120 mini laptop

MSI is continuing its assault on the Eee PC by launching the Wind U120.


The U120 will feature similar specs to its predecessor, the Wind U100, which is powered by an Intel Atom processor. Customers will be able to choose between a 120GB hard-disk drive or a 40GB solid-state drive. The U120 also includes 802.11n Wi-Fi connectivity and a built-in 3G modem.

It is expected to be priced around £350 ($595) and available by December.


Microsoft elaborates on Oslo

Shedding more light on its Oslo vision for model-based software development, Microsoft this week elaborated on plans to preview Oslo technologies, offering code names and citing the company's DSL (Domain Specific Languages) concept as a lynchpin of the platform.

A Community Technology Preview of Oslo is due at the Microsoft Professional Developers Conference in Los Angeles on October 27. Featured in the CTP will be a declarative modeling language now being identified by the code name "M," as well as a software modeling tool code-named "Quadrant."

A repository for integration between models also will be part of the CTP. User feedback on the CTP will help determine the overall road map for Oslo technologies, said Robert Wahbe, Microsoft corporate vice president of the company's Connected Systems Division, during an interview this week.

With Oslo, Microsoft seeks to provide another layer of abstraction for developers and make development easier; models become the applications. Business analysts also could make changes to models. For example, an analyst could change an application that requires two managers' approvals for lunch expenses exceeding $100 to requiring these approvals for a $50 lunch, Wahbe said.

"It's easier in many cases to look at a model and see what it's trying to do rather than look at hundreds of thousands of lines of code," Wahbe said.

With the M language, ISVs and developers could build textual DSLs, he said. A DSL enables a developer to write down intent in a way that is close to how a developer is thinking about a problem, Wahbe said. M also can be used to build data models.

"The idea of DSLs has been around. What we're trying to do with Oslo is make it easier for mainstream developers to use models in general," Wahbe said. Microsoft, as an ISV itself, will use DSLs for building domains for activities like workflow and databases.

"[The] notion is that M is excellent at building these DSLs in an easy way," Wahbe said. "In turn, once you have that DSL, what it does is it lets you produce something that the platform can execute directly."

A model is translated to XAML, which can be executed by the platform. Oslo also can work with multiple runtimes from platforms like Java if developers customize the Oslo tools.

Quadrant, meanwhile, provides a way to author models visually. "The way to think about it is M lets you build textual DSLs and Quadrant lets you build visual DSLs," Wahbe said.

Oslo will be featured as part of the Visual Studio product family; the company has not yet announced which version would include Oslo. While Oslo at first glance might appear to be minimizing the role of the developer by raising the level of abstraction, Microsoft believes it is just a natural step in the evolution of software development that does not put developers' jobs at risk, Wahbe said.

"Developers can deliver higher-quality applications faster," he said.

With Oslo, Microsoft has "definitely raised the bar," said analyst Nick Gall, vice president of the enterprise architecture team at Gartner.

"The Oslo approach to modeling is a refreshing new approach. That said, it is ambitious," Gall said.

"Any attempt to really do model-driven architecture is ambitious. We've been trying to do executable models for 25-plus years, and all to date have failed," such as with CASE (Computer Aided Software Engineering) and Object Modeling Group efforts, said Gall.

Microsoft is attacking the two core issues of modeling: translating from models into executable code and the functional aspect of an application, in which functional models must accommodate nonfunctional aspects of an application such as security and systems management, Gall said. Microsoft has not yet completed the integration with nonfunctional models, he said.

Oslo integrates with existing applications, according to Microsoft. It brings together a connected view of models and builds on existing investments on top of the Microsoft platform. Microsoft also is working with ISVs on solutions built using Oslo, including line-of-business applications and DSLs, the company said.