Tuesday, January 27, 2009

Conficker Worm Infects Nearly 10 Million PCs Worldwide

According to security researchers at F-Secure, the Downadup virus, also called the "Conficker Worm," has infected nearly 10 million PCs worldwide.

F-Secure researchers have said, "As time passes, the number of estimated Downadup infections becomes more problematic to calculate as we are monitoring a varying number of domains. Re-infections may also be inflating the count." Late last week the company's prediction of an estimated 2.4 million infected machines jumped to over 8.9 million during a four-day span.

The company, however, remained optimistic in Friday's blog post, stating, "In any case, today seems better than the day before and we think that growth of Downadup has been curbed. Disinfection of the worm remains a challenge."

Downadup exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. Although Microsoft fixed the flaw with one of its rare "out of cycle" updates in late October, it is estimated that about a third of all PCs have not yet been patched.

The worm spreads by exploiting the Windows vulnerability, by brute-force password attacks, through networked devices and by hitchhiking on USB devices like flash drives.

For more details on detection and removal of Downadup, check out F-Secure's Downadup page as well as Microsoft's Conficker Worm Virus alert page. Microsoft has recommended that Windows users install the emergency update, then run the January edition of the MSRT to scrub the worm from compromised computers.

While detection and removal of the worm have been a priority, researchers have warned that the worm has yet to be fully implemented. Alfred Huger, vice president of development at Symantec Corp.'s security response group, notes that Downadup has yet to trigger its second stage of attacks.

Typically, worms of this nature are used to infect PCs so that hackers can then use those machines for further attacks: to send spam, launch attacks against other Web sites or compromise more computers. To do that, the original virus or worm directs the infected PC, a "bot" or a "zombie", to download additional software.

"Why is it taking so long? That's what we're all asking," Huger tells ComputerWorld, stating he couldn't recall an attack of this size with such a long lag time between the initial attacks and follow-on downloads of more malware to the hijacked systems.
