Conficker Continues To Spread

Well, much of the media hype seems to have died down around Conficker/Downadup, but it is still out there spreading far and wide. In fact, the Symantec threat intelligence team estimate that 50,000 PCs a day are currently being attacked. To clarify, though, this isn’t necessarily a cumulative total, because it doesn’t take into account machines which never get cleaned up and are repeatedly re-infected.
This is a heat map of the spread of Conficker since February, and as you can see the US, Brazil and India top the charts.
The Worm Turns?

A new sample of Conficker (Downadup) has been found on one of our honeypot machines. (These are part of our Global Intelligence Network, which operates in 200 countries, gathering details and statistics on malware.) The new sample has reintroduced one of the exploit vectors (MS08-067) and also appears to be connected to another piece of malware, W32.Waledac, a very active spambot.
W32.Waledac steals sensitive information, turns computers into spam zombies, and establishes a back door for remote access. Symantec products already provide antivirus and IPS protection for Waledac.
Perhaps most interestingly, there is also a ‘kill’ component, whereby it looks like the worm will remove itself from infected hosts on May 3rd 2009. Does this mean that there will be a new variant by then, or will its true purpose have been revealed by then?
15 Million And Counting…

So, the Downadup / Conficker worm has now infected 15 million systems – that’s pretty impressive considering that there was a fix last October to prevent it. What it does show is just how infrequently a significant number of users actually update their systems, even though they probably have a link to the Internet.
While the vast majority of the infections are in Asia, it now seems that there are outbreaks occurring closer to home, within local government and business. This is more worrying: is the trend for patching vulnerabilities getting worse, or are we seeing something different going on here? There is an increasing trend towards something called ‘consumerization of IT’. In essence, this is where you are allowed to use your own IT equipment for work; in some cases you get an allowance to purchase a system. The reason behind it is money and efficiency, on a number of different levels. However, what happens if there is a problem with the device, or it gets infected with a virus or worm? Who is responsible for sorting it out? Is it the company (after all, if you have a worm like Downadup spread through your organization it is very expensive to resolve), or the individual, who might not be so worried, or might not even know about the problems they are creating? Either way, these sorts of issues need to be resolved, as the problem is only going to get worse.
How’s it going to get worse? Well, connectivity is increasing, especially with the advent of Software as a Service and cloud computing, so more systems which are outside the IT department’s control will be attaching to the corporate network; furthermore, consultants and other 3rd parties will also add to this increased risk. The good news is… firstly, a lot of this can be prevented by regularly patching vulnerabilities in applications and the OS, so check your policy today. Secondly, by using an anti-malware application covering anti-virus, phishing, worms, rootkits etc. you can be protected, but, again, only if it is kept up-to-date. Finally, there is a set of guidelines created by The Jericho Forum which will help in this new de-perimeterised world… watch out for more on this next week!