This week is the one-year anniversary of the Downadup/Conficker threat’s April 1, 2009 “trigger” date. Although Conficker did not turn into a widespread threat or cause the significant damage it had the potential to inflict, one year later we know that those behind Downadup/Conficker still potentially have the keys to some 6.5 million of these computers. These computers have not been fixed by their owners, leaving them open to be victimized at any time by cybercriminals.
While 6.5 million infected computers remain wide open to further attack, they are monitored very closely by law enforcement and by members of the Conficker Working Group. Should the criminal(s) attempt to use them, the alarm will sound. For the criminals holding the keys, too much attention may be a turn-off, and it will likely prevent them from carrying out their original malicious plans.
So, are we out of the woods in terms of Downadup/Conficker?
Probably not. Downadup/Conficker may not be the biggest known botnet on the block, but it still has the potential to do serious harm. Industry groups and law enforcement are being vigilant, but the 6.5 million infected PCs are very much like a loaded gun, waiting to go off.
Here’s what we know today:
• Approximately 6.5 million systems are still infected with either the .A or .B variants.
• The .C variant, which used a peer-to-peer method of propagating, has been slowly dying out over the past year. From a high of nearly 1.5 million infections in April of 2009, the infection rate has steadily decreased to between 210,000 and 220,000 infections. This indicates some computer users are fixing the issue and getting rid of the infection.
• Symantec also observed another variant, .E, released on April 8, 2009, but this variant deleted itself from infected systems on or after May 3, 2009.
• Thus far, the machines still infected with Downadup/Conficker have not been utilized for any significant criminal activity, but with an army of nearly 6.5 million computers, the threat remains a viable one.
Symantec has put together the following video highlighting the evolution of Downadup/Conficker to help give computer users background on the threat and information about where it is today:
Orla Cox, Security Operations Manager at Symantec Security Response
But while it seems that David Beckham is increasingly likely to miss the World Cup due to injury, the cybercrime underworld is certain to be gathering its cohorts to spam and scam the unwary out of their hard-earned cash. This is not anything new, of course; cybercriminals regularly hide behind major news events like disasters and sporting events to spread their malicious activities. Whether it be phishing, spam, malicious downloads, poisoned searches, or anything else, they are trying to get hold of one thing: money!
Symantec recently launched a new website, www.2010netthreat.com, which will host up-to-date data and information specific to security threats and scams around the World Cup in South Africa. Now we’ve developed a new video in the popular series ‘Symantec Guide to Scary Internet Stuff’ called Net Threats, which seeks to educate users about the potential scams and threats cybercriminals hide behind major sporting events like the World Cup. Please take a look and tell us what you think.
Two months into the New Year and we’re already starting to see a number of our 2010 cyber security predictions come true. At the start of the new decade, cybercriminals continue to be relentless in their pursuit of new and sophisticated attacks against consumers and enterprises.
Here are 10 serious facts about security that cannot be ignored in 2010:
- Cyber Attacks Hurt Businesses: 75 percent of enterprises have suffered a cyber attack in the past 12 months, losing an average of USD $2 million annually.
- Global Spam Shift: Asia Pacific and Japan and South America are taking spam share away from the traditional leaders of North America and EMEA.
- Malicious Activity Chart Topper: China is the top country for malicious activity, accounting for 25 percent of the global total.
- Credit Cards Are Number One Item for Sale: Credit Card information is the most commonly advertised item for sale on the underground economy, accounting for 18 percent of all goods and services.
- Banks Get Phished: 76 percent of brands used in phishing attacks in 2010 were in the financial sector.
- Out with Traditional Spam, in with Targeted Scams: The total number of scam and phishing messages came in at 21 percent of all spam, which is the highest level recorded since 2007.
- News Agenda Drives Attacks: The earthquake in Haiti sadly drove up the volume of scam and phishing messages as spammers used the tragic event for their benefit.
- Cybercriminals Follow the Masses: In Asia Pacific and Japan, the top web-based attack for Oct – Dec 2009 was related to the Microsoft® Internet Explorer® ADODB.Stream Object File Installation Weakness, which accounted for 41 percent of the total.
- Increasing Popularity of New Platforms Will Drive New Attacks: An increase in iPad-related search terms used in SEO attacks and phishing attacks was observed during the Apple iPad launch.
- Cybercriminals After Information Rather than Infrastructures: Theft of intellectual property was reported as the top cyber loss for Singapore businesses.
Further details on the above statistics can be found in the Symantec reports below:
Microsoft has announced that today (Thursday 21st January) at approximately 6pm UK time, it will release an emergency out-of-band patch to fix the Internet Explorer zero-day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies.
The vulnerability affects Internet Explorer 6, 7 and 8, which make up the bulk of the versions used today. However, the only in-the-wild exploit code for this vulnerability detected thus far is confirmed to affect just Internet Explorer 6.
Based on our in-the-field detections, this security vulnerability has only been used in a very limited number of targeted attacks so far; however, they appear to be very high-profile attacks. The most likely attack vector used in the incidents seen thus far is targeted e-mails containing legitimate-looking attachments or links to Web sites, sent to high-level employees. When the attachment is opened, an exploit for the vulnerability springs into action and the computer becomes infected.
Despite the fact that we’ve seen just limited attacks using this vulnerability, with exploit code public, there is no reason to think we won’t see more attack attempts. And you can be sure bad guys are working overtime to create reliable exploits for the other affected versions of Internet Explorer, namely 7 and 8.
This security hole is so dangerous because it allows for remote exploitation. This means attackers can run any malicious code of their liking on a victim’s machine by taking advantage of the vulnerability.
We strongly encourage users to patch their systems against this vulnerability. In addition, businesses are encouraged to consider implementing an automated patch management solution to help mitigate risk.