Conficker Continues To Spread
Well, much of the media hype seems to have died down around Conficker/Downadup, but it is still out there spreading far and wide. In fact, the Symantec threat intelligence team estimates that 50,000 PCs a day are being attacked right now. However, just to clarify, this isn’t necessarily a cumulative total because it doesn’t take into account machines which don’t get cleaned up and get repeatedly infected.
This is a heat map of the spread of Conficker since February and as you can see the US, Brazil and India top the charts.
The Worm Turns?
A new sample of Conficker (Downadup) has been found on one of our honeypot machines. (These are part of our Global Intelligence Network – which operates in 200 countries, gathering details and statistics on malware.) The new sample has reintroduced one of the exploit vectors (MS08-067) and also appears to be connected to another piece of malware, W32.Waledac, a very active spambot.
W32.Waledac steals sensitive information, turns computers into spam zombies, and establishes back door remote access. Symantec products already provide antivirus and IPS protection for Waledac.
Perhaps most interestingly, there is also a ‘kill’ component – whereby it looks like the worm will remove itself from infected hosts on May 3rd 2009. Does this mean that there will be a new variant by then, or will its true purpose have been revealed by then?
April 1st… Meltdown or Joke?
So, tomorrow is the big day – what will Conficker do? Will it be like Y2K, where there was a thought that the Internet was going to melt down – but it ultimately turned into ‘just another day’… or will Conficker (aka Downadup and Kido) bring the Internet to a standstill? Of course, the answer is that we will have to wait.
We do know that the latest incarnation, Conficker-C, will ‘change’ tomorrow: it will harden itself against security updates and OS patches, and the number of servers it will reach out to will increase from hundreds to thousands. But as to what it will download… who knows? With millions of machines around the world infected, it could be used for a massive denial of service attack, or perhaps a spam / phishing one.
You can protect yourself – a good anti-virus / Internet security suite will do the trick (I have Norton on my home machines and, of course, we use Symantec on the corporate ones), and if you are infected, then there is plenty of information as to how to remove it. Conficker has caught the imagination of the press and so there is a lot being written about it; however, there were more pieces of malware created in 2008 than in all the preceding years put together… and Conficker is just one of them (well, three, but it depends how you count!). Of course, compared to the average nasty, Conficker is smarter: it transforms itself and uses multiple routes to infect the unpatched, unsecured targets.
Sitting here in the UK, we have a small advantage: like with Y2K, we will see the effects in Australia and AsiaPac before it gets to us – and for them it’s now less than 2 hours to go…







