Security Watch
Wednesday, 15 June 2011 00:00

Security watchers are bracing themselves to respond to the activation of the huge botnet created by the Conficker superworm. The malware has created a network of infected PCs under its control that the latest estimates put at 9m or even more, dwarfing the zombie army created by the infamous Storm worm, which reached a comparatively paltry 1m at its peak in September 2007.

Variants of Conficker (aka Downadup), which began circulating in late November, exploit the MS08-067 vulnerability in the Microsoft Windows Server service, addressed by Redmond with an out-of-sequence patch last October. The malware also infects removable devices and network shares using a special autorun file. The worm relies on social engineering: Windows users looking simply to browse the contents of a memory stick may be tricked into selecting an option that actually runs a malware payload and infects their PC.

Conficker infections have been detected in more than 80 countries, with Spain, the USA, Taiwan and Brazil hardest hit, according to anti-virus firm Panda Security. One in 14 (six per cent) of 2m machines submitted to Panda’s online scanner are affected by the worm. This, of course, represents a sample of PCs whose owners have reason to think something might be wrong, and so may not be representative of the internet at large. Nonetheless, it’s a huge figure. The worm is confirmed to have hit a Sheffield hospital and is suspected of infecting UK Ministry of Defence systems, including local area networks on warships. Security watchers reckon that the more open nature of public-facing organisations explains why these attacks have hit the press.

Editor's Note:

  • Microsoft have released a guide (KB962007)
  • The following antivirus software protects against it: Trend, Kaspersky, AVG (2011 onwards)
  • Wikipedia has an article
 
