tagged w/ conficker
-
-
Identity theft is preventable. As with any other crime, the risk will always be there. But there are many things people can do to minimize that risk, both online and offline. The National Foundation for Credit Counselors, which sponsors Protect Your Identity Week, has compiled a number of identity theft myths.
http://information-security-resources.com/2009/11/09/ten-common-identity-theft-myths-dispelled/
-
-
Conficker uses flaws in Windows software to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors.
-
-
BOSTON - A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said.
Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware, they said.
The worm started spreading late last year, infecting millions of computers and turning them into "slaves" that respond to commands sent from a remote server that effectively controls an army of computers known as a botnet.
Its unidentified creators started using those machines for criminal purposes in recent weeks by loading more malicious software onto a small percentage of computers under their control, said Vincent Weafer, a vice president with Symantec Security Response, the research arm of the world's largest security software maker, Symantec Corp.
"Expect this to be long-term, slowly changing," he said of the worm. "It's not going to be fast, aggressive."
Conficker installs a second virus, known as Waledac, that sends out e-mail spam without knowledge of the PC's owner, along with a fake anti-spyware program, Weafer said.
The Waledac virus recruits the PCs into a second botnet that has existed for several years and specializes in distributing e-mail spam.
"This is probably one of the most sophisticated botnets on the planet. The guys behind this are very professional. They absolutely know what they are doing," said Paul Ferguson, a senior researcher with Trend Micro Inc, the world's third-largest security software maker.
-
-
SALT LAKE CITY - University of Utah officials say a computer virus has infected more than 700 campus computers, including those at the school's three hospitals.
University health sciences spokesman Chris Nelson said the outbreak of the Conficker worm, which can slow computers and steal personal information, was first detected Thursday. By Friday, the virus had infiltrated computers at the hospitals, medical school, and colleges of nursing, pharmacy and health.
Nelson says patient data and medical records have not been compromised. "That's secured in a much deeper way because of the implications," he said.
Nelson said the virus is mainly attacking personal computers and could be siphoning login and password data, credit card numbers and banking information.
Directions for purging the virus from personal computers and equipment like thumb drives, digital cameras and smart phones have been distributed to staff and students. Information technology staff shut off Internet access for up to six hours at some campus locations Friday so they could isolate the virus. They were expected to work through the weekend to eradicate it from the system.
Mindy Tueller of the university's office of information technology said all faculty and students should take steps to make sure they are protected. The virus does not infect Macs.
"It can do a lot of bad things," Tueller said. "Every university member should be concerned about this if they're using Windows-based devices."
4/12 19:48 PM ET
-
-
The Conficker worm is finally doing something--updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.
Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.
The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.
The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.
Because infected computers are receiving the new component in a staggered manner rather than all at once there should be no disruption to the Web sites the computers visit, said Paul Ferguson, advanced threats researcher for Trend Micro.
"After May 3, it shuts down and won't do any replication," Perry said. However, infected computers could still be remotely controlled to do something else, he added.
4/10 9:00 AM ET ClipsFC - Wanda
-
-
The Conficker worm is finally doing something--updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.
Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.
The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.
The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.
Because infected computers are receiving the new component in a staggered manner rather than all at once there should be no disruption to the Web sites the computers visit, said Paul Ferguson, advanced threats researcher for Trend Micro.
"After May 3, it shuts down and won't do any replication," Perry said. However, infected computers could still be remotely controlled to do something else, he added.
Last night Trend Micro researchers noticed a new file in the Windows Temp folder and a huge encrypted TCP response from a known Conficker P2P IP node hosted in Korea.
"As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP," the blog post says. "The Conficker/Downad P2P communications is now running in full swing!"
In addition to adding the new propagation functionality, Conficker communicates with servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik Ferguson.
The worm tries to access a known Waledac domain and download another encrypted file, the researchers said.
Conficker.C failed to make a splash a week ago despite the fact that it was programmed to activate on April 1. It has infected between 3 million and 12 million computers, according to Perry.
Initially, researchers thought they were seeing a new variant of the Conficker worm, but now they believe it is merely a new component of the worm.
The worm spreads via a hole in Windows that Microsoft patched in October, as well as through removable storage devices and network shares with weak passwords.
The worm disables security software and blocks access to security Web sites. To check whether your computer is infected, you can use the Conficker Eye Chart or the detector page at the University of Bonn.
Check if you're infected:
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
http://iv.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/
-
-
The "activation" of Windows machines infected with the latest variant of the Conficker worm has allowed security watchers to come up with a far more accurate estimate of how many machines are infected.
Early versions of Conficker called home to 250 different domain names every day to check for updates. Since Wednesday, machines infected with the latest version of the worm (Conficker-C) have been using a sample of 500 out of a pre-programmed 50,000 domains a day to search for upgrades.
The unknown virus writers who created the worm are yet to publish any such update, but the call-back behaviour has allowed anti-virus firms to come up with an estimate of how many machines are infected by Conficker-C for the first time.
Vietnamese antivirus firm Bkis reckons 1.3m machines are infected with Conficker-C. A breakdown of infections by country, compiled by Bkis, can be found here. The combined number of computers infected by Conficker A and B is 2.2m, according to Bkis.
That total of around 3.5m is in line with a detailed technical analysis of Conficker which puts the size of the Conficker botnet at between three and four million strong.
IBM's X-Force has a mash-up using Google Maps of Conficker infections across the world, which can be found here. The Conficker Working Group has published more detailed infection maps here.
Estimates of the number of machines ever infected by Conficker vary from ten to 15 million, but these figures ignore disinfections and other factors. It's more meaningful to talk of the current number of zombie drones rather than the number ever infected, because it gives a much better idea of the potential for harm.
-
-
April 1 has come and gone and in the minds of many people the Conficker worm turned out to be a joke instead of the major Internet security event that might have been envisioned. Was the hype good, or bad, and who is to blame?
-
-
ac added this 3 years ago
-
-
With a suspected April 1 trigger, Conficker is set to rear its ugly head again. eWEEK Labs examines the worm's potential for problems, and why the vulnerability it exploits should cause IT managers to think twice about Windows upgrades--and alternatives to Windows.
Conficker is a work of malware that, in the form of multiple variants, has been worming its way through unpatched Windows desktop and server machines for the past four months.
Conficker has garnered mainstream attention of late due to an April 1 trigger that researchers have identified in the most recent variant of the worm. On this date, it appears that Conficker-infected machines will change the way that they "phone home" to fetch new code and instructions from whomever holds the worm's reins.
In October 2008 Microsoft released a fix for the vulnerability that Conficker exploits, in a patch that Microsoft deemed critical enough to release outside of its typical Patch Tuesday schedule. Still, enough Windows machines have remained unpatched for Conficker to spread to what security researchers estimate to be millions of machines.
Presumably, the goal of Conficker's controllers involves the creation of a botnet that would carry out illegal machine-based activities by proxy, but there's no telling exactly what the worm's makers have in mind.
The prescription for Conficker prevention is prompt system patching (particularly when Microsoft singles out a fix for out-of-band distribution), combined with client firewall and antivirus software for blocking the worm's activities and detecting and eliminating the malware where it surfaces.
In addition, members of the security community have prepared a set of freely available tools to aid in Conficker detection and removal for infected systems on your network.
More broadly, Conficker calls attention to the problems inherent in deploying client systems that offer up network-facing services to anonymous nodes, and highlights the importance of watching more closely the privileges granted to the system-level applications that run on mainstream operating systems.
Moreover, because Windows Vista and Windows Server 2008 machines have proven to be significantly less vulnerable to Conficker than systems running Windows 2000, XP and Server 2003, the worm also highlights the very real consequences of stepping off the so-called operating system upgrade treadmill. For all its hardware refresh requirements, potentially unwanted feature adjustments and software incompatibility wrinkles, Vista includes security enhancements that blunted the effect of Conficker on unpatched systems.
-
-
Google’s search rankings are being stuffed with links to fake security software that purports to remove Conficker, a widespread worm that’s currently the Internet’s number one security threat, but doesn’t. Certain search terms will bring up a host of Web pages that could either infect a PC with malicious software or try to sell a dodgy security program, said Rik Ferguson, senior security advisor for the vendor Trend Micro.
-