Sunday, January 25, 2009

Downadup worm replicates itself at astonishing speed!

Call it Conficker, Downadup or Kido - the fact is the nasty worm is spreading at a very rapid speed! There is no checking the pace at which it is infecting PCs; and with already more than 9 million victims, including corporate networks worldwide, the worm is still going strong!
The Downadup worm made its first appearance two months back, exploiting a critical Windows flaw in the way the Server Service handles RPC requests. A blended threat, the malware relies upon many attack vectors - from brute-force password guessing to hitching rides on USB sticks - for replicating itself to spread throughout a network.
The unique rate of speed at which the worm replicates has perplexed experts. Security researcher, Derek Brown, of TippingPoint's DVLabs Team, said: "The notion of using multiple attack vectors is not terribly new. The unique thing about this worm is the speed at which it has spread and I think that's a result of the big size of the Microsoft vulnerability."
Experts also opine that though the Downadup malware got started because of the Microsoft flaw, it later proliferated quickly through the unpatched Windows operating systems of the users.
Though the malicious worm knows no land barriers, the hardest hit countries, as per Symantec Security Response, are China and Argentina. According to the Symantec vice president, Alfred Huger, China accounts for almost 29 percent of the infections tracked, Argentina was next in line with over 11 percent infections.
more.....

Computer worm called 'authentic risk

If you’ve never heard the words “Conficker” or “Downadup,” wait a few hours.

They’re rapidly becoming household words for personal computer owners.
Various major newspapers and television news shows reported Friday morning that the latest computer worm might now infect as many as 10 million computers worldwide.
According to a report in the Detroit Free Press, the worm is so virulent because it seems to “mutate” and launch “brute force attacks” that relentlessly try thousands of letter and number combinations in codes to steal personal passwords and login information.
Because most computer users choose passwords that they can remember easily, the words might also be something the worm can guess easily. Once in control of a computer the worm can launch spam, phishing attacks, shut down the Internet with massive traffic or access bank records.
According to F-Secure, an antivirus software company, the Conficker worm is spreading at a rate of 1 million new machines a day. It can be spread by USB stick also.
F-Secure has updated its Downadup removal tool, and the United States Computer Emergency Readiness Team has issued Alert TA09-020A, which describes how to disable AutoRun on Microsoft Windows systems in order to help prevent the spread of Conficker/Downadup via USB drives.
According to Symantec, the top infected countries in order of infection are: China, 28.7 percent; Argentina, 11.3 percent; Taiwan, 6.7 percent; Brazil, 6.2 percent; India, 5.8 percent; Chile, 5.2 percent; Russia, 5 percent; Malaysia, 2.8 percent; Columbia, 2.1 percent; and Mexico, 1.9 percent.
Philip Templeton of PT Technologies in Athens said everyone should keep his or her virus protection and software updates current.
“I have seen in the last four to six months more people getting viruses,” said Templeton. “But no matter what antivirus software you buy, nothing is 100 percent. Make sure your Windows Firewall is on, and it doesn’t hurt to change passwords periodically. I usually advise to make this a quarterly chore.”

No comments:

Post a Comment