- Fashion Style
- How to ?
- Men Women
Conficker with 10M victims, April 1 update soon
Security experts are downplaying much of the speculation surrounding an expected 1 April update for the notorious Conficker malware. Also known as ‘downadup’, the malware has been spreading throughout 2009 and is believed to have infected millions of PCs. Analysis of the Conficker code suggests that the latest version will instruct infected machines on 1 April to contact an unknown domain and await further instructions. The possibility has led to reports of a possible “doomsday” infection, or a huge attack from the Conficker botnet. These worries, however, are little more than uninformed hysteria, according to security experts. Many security researchers believe that Conficker’s April Fool’s Day event may in fact be laughably minor. F-Secure researchers reassured users in a special guide posted to the company blog that in all likelihood Conficker’s 1 April update would be a non-event.
“The Conficker worm is going to change its operation a bit, but that’s unlikely to cause anything visible on 1 April,” F-Secure said. The company also noted that only the latest version of the malware, known as ‘Conficker C’, which constitutes a small percentage of total infections, would be carrying out any instructions on 1 April. “The truth is that Conficker is not set to activate a specific payload on 1 April. Rather, Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.” Malware creation has evolved into a lucrative business since Melissa, and most experts believe that Conficker’s update will be the first step in a spam run or other money-making activity, rather than an old-fashioned attempt at internet mayhem. “The people behind this piece of code are very skilled, very well informed and resourced. They have invested much time and effort in the creation of this botnet, and will be aiming to see some return on that investment,” wrote Trend Micro senior security advisor Rik Ferguson in a blog post.
Analysts expect Conficker virus activation
Security watchers are bracing themselves to respond to the activitation of the huge botnet created by the Conficker superworm. The malware has created a network of infected PCs under its control estimated at 9m or even more, according to the latest estimates — dwarfing the zombie army created by the infamous Storm worm, which reached a comparatively paltry 1m at its peak in September 2007. Variants of Conficker (aka Downadup), which began circulating in late November, exploit the OpenDNS
vulnerability in the Microsoft Windows server service addressed by Redmond with an out-of-sequence patch last October. The malware also infects removable devices and network shares using a special autorun file. The worm uses social engineering trickery so that users on Windows machines looking to simply browse the contents of a memory stick may be tricked into selecting an option that actually runs a malware payload and infects their PC. Conficker infections have been detected in more than 80 countries with Spain, the USA, Taiwan and Brazil most hit, according to anti-virus firm Panda Security. One in 14 (six per cent) of 2m machines submitted to Panda’s online scanner are affected by the worm. This, of course, represents a sample of PCs where the owners have reason to think something might be wrong and so may not be representative of the internet at large. Nonetheless, it’s a huge figure. The worm is confirmed to have hit a Sheffield hospital and is suspected of infecting UK Ministry of Defence systems, including local area networks on warships. Security watchers reckon that the more open nature of public-facing organisations explains why these attacks have hit the press. There’s no reason to suspect that private sector firms are any better protected against such attacks, as previous worm spreads have demonstrated time and again.
Source: The Register