Feeds

Conficker zombies celebrate 'activation' anniversary

Anti-climactic Downadup gets one bump

Website security in corporate America

Thursday marks the first anniversary of the much hyped Conficker trigger date. Little of note happened on 1 April 2009 and machines infected by Conficker (aka Downadup) remain largely dormant, but an estimated 6.5 million Windows PCs remain infected with the threat.

These machines are "wide open to further attacks", net security firm Symantec warns.

The rascals behind the worm remain unknown and the purpose of the malware unclear. Some in the anti-virus industry, such as Raimund Genes, CTO of Trend Micro, reckon the malware was designed to distribute scareware (fake anti-virus scanners designed to nag victims into buying software of little or no utility, often on the basis of false warnings of Trojan infection).

Machines infected with the C variant of Conficker subsequently became infected with Spyware Protect 2009 (a scareware package) and the Waledac botnet client, a factor that supports this theory. Infected machines are closely monitored by law enforcement and by members of the Conficker Working Group, a factor that goes a long way towards explaining why crooks have not used the huge botnet under their control to send spam, launch a denial of service attack or any other form of high visibility attack.

The first version of Conficker began spreading in November 2008, initially using a recently patched Microsoft Windows vulnerability to infect systems. Later its capability of jumping from infected USB sticks onto PCs or via weakly secured network shares became more important. Early victims included the Houses of Parliament, the Ministry of Defence and Manchester City Council.

More recently Greater Manchester Police, which was forced to unplug itself from the Police National Computer for five days in February in order to carry out a clean-up operation, and several hospitals in the UK were laid low by Conficker. Orla Cox, security operations manager at Symantec Security Response, said that “Conficker may not be the biggest known botnet on the block, but it still has the potential to do serious harm”.

Approximately 6.5 million systems are still infected with either the A or B variants of Conficker. The C variant, which used a P2P method of spreading, has been slowly dying out over the past year as victims clean up their systems.

Around 210,000 machines are reckoned to be infected with this variant, down from an April 2009 peak of 1.5 million victims. Another variant, Conficker-E, emerged on last April but was programmed to delete from infected systems a month later and has all but disappeared.

Symantec has published a video charting the evolution of Conficker. The clip also runs through a list of suggested countermeasures, such as keeping systems fully patched and running up to date anti-virus (natch). ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.