Security Watch
Tuesday, 27 January 2009 04:36

Security watchers are bracing themselves to respond to the activation of the huge botnet created by the Conficker superworm. The malware has created a network of infected PCs under its control that the latest estimates put at 9m or even more, dwarfing the zombie army created by the infamous Storm worm, which reached a comparatively paltry 1m at its peak in September 2007.

Variants of Conficker (aka Downadup), which began circulating in late November, exploit the MS08-067 vulnerability in the Microsoft Windows Server service, addressed by Redmond with an out-of-sequence patch last October. The malware also infects removable devices and network shares using a special autorun file. The worm relies on social engineering: users on Windows machines looking simply to browse the contents of a memory stick may be tricked into selecting an option that actually runs a malware payload and infects their PC.

Conficker infections have been detected in more than 80 countries, with Spain, the USA, Taiwan and Brazil the hardest hit, according to anti-virus firm Panda Security. One in 14 (six per cent) of 2m machines submitted to Panda’s online scanner are affected by the worm. This, of course, represents a sample of PCs where the owners have reason to think something might be wrong and so may not be representative of the internet at large. Nonetheless, it’s a huge figure. The worm is confirmed to have hit a Sheffield hospital and is suspected of infecting UK Ministry of Defence systems, including local area networks on warships. Security watchers reckon that the more open nature of public-facing organisations explains why these attacks have hit the press.