Blog article

Updated - Nine million PCs compromised - it gets worse...

Downadup aka Conficker is a rather nasty worm which attacks a vulnerability in Microsoft Windows. The infection rate is going through the roof according to researchers at F-Secure.

The figures are sobering with 6.5 million new infections in four days, although some security experts are questioning the figures.

Microsoft did release an emergency patch around three months ago but, as you might expect, around a third of Windows machines haven't had it applied yet. To add to the problem, some researchers believe compromised PCs are unable to receive Microsoft updates, so Microsoft's malicious software removal tool is unlikely to be very effective in combatting it.

The worm spreads via a number of mechanisms, including USB memory sticks (helped along by a sneaky social engineering ruse), and does an excellent job of protecting itself, so once the malware gets inside a corporate network it can be unusually difficult to remove completely.

It protects itself by making sure it restarts early on when Windows boots up. It also changes access rights to infected files and registry keys so the user can't touch them and disables a number of services. It also blocks access to a number of domains relating to security matters to further hinder the user. In fact it seems to do quite a lot.

More about the worm from F-Secure and The Register.

So. If you're running Windows, is your machine patched and up to date?

Microsoft Security Bulletin

Updated 20/01/2009

It's still spreading, but as yet there's no obvious malicious payload. Possibly the miscreants have left it too late now that the eyes of the world are upon them. There is always the chance, however, that someone else will tap into it for malicious purposes.

The Register are reporting that the MoD are having problems - possibly related?

And hospitals in Sheffield are infected after automatic updates were disabled. This seemingly barmy management decision was made after problems were experienced with PCs in operating theatres rebooting themselves. Well, durrr.
