Conficker zombies celebrate 'activation' anniversary

Anti-climactic Downadup gets one bump

Thursday marks the first anniversary of the much hyped Conficker trigger date. Little of note happened on 1 April 2009 and machines infected by Conficker (aka Downadup) remain largely dormant, but an estimated 6.5 million Windows PCs remain infected with the threat.

These machines are "wide open to further attacks", net security firm Symantec warns.

The rascals behind the worm remain unknown and the purpose of the malware unclear. Some in the anti-virus industry, such as Raimund Genes, CTO of Trend Micro, reckon the malware was designed to distribute scareware (fake anti-virus scanners designed to nag victims into buying software of little or no utility, often on the basis of false warnings of Trojan infection).

Machines infected with the C variant of Conficker subsequently became infected with Spyware Protect 2009 (a scareware package) and the Waledac botnet client, a factor that supports this theory. Infected machines are closely monitored by law enforcement and by members of the Conficker Working Group, a factor that goes a long way towards explaining why crooks have not used the huge botnet under their control to send spam, launch a denial of service attack or any other form of high visibility attack.

The first version of Conficker began spreading in November 2008, initially using a recently patched Microsoft Windows vulnerability to infect systems. Later its capability of jumping from infected USB sticks onto PCs or via weakly secured network shares became more important. Early victims included the Houses of Parliament, the Ministry of Defence and Manchester City Council.

More recently Greater Manchester Police, which was forced to unplug itself from the Police National Computer for five days in February in order to carry out a clean-up operation, and several hospitals in the UK were laid low by Conficker. Orla Cox, security operations manager at Symantec Security Response, said that “Conficker may not be the biggest known botnet on the block, but it still has the potential to do serious harm”.

Approximately 6.5 million systems are still infected with either the A or B variants of Conficker. The C variant, which used a P2P method of spreading, has been slowly dying out over the past year as victims clean up their systems.

Around 210,000 machines are reckoned to be infected with this variant, down from an April 2009 peak of 1.5 million victims. Another variant, Conficker-E, emerged last April but was programmed to delete itself from infected systems a month later and has all but disappeared.

Symantec has published a video charting the evolution of Conficker. The clip also runs through a list of suggested countermeasures, such as keeping systems fully patched and running up to date anti-virus (natch). ®
