
updated - Nine million PCs compromised - it gets worse....


Downadup, aka Conficker, is a rather nasty worm which attacks a vulnerability in Microsoft Windows. The infection rate is going through the roof, according to researchers at F-Secure.

The figures are sobering with 6.5 million new infections in four days, although some security experts are questioning the figures.

Microsoft did release an emergency patch around three months ago but, as you might expect, around a third of Windows machines haven't had it applied yet. To add to the problem, some researchers believe compromised PCs are unable to receive Microsoft updates, so Microsoft's Malicious Software Removal Tool is unlikely to be very effective in combatting it.

The worm spreads via a number of mechanisms, including USB memory sticks (helped along by a sneaky social engineering ruse), and does an excellent job of protecting itself, so once the malware gets inside a corporate network, it can be unusually difficult to remove completely.

It protects itself by making sure it restarts early on when Windows boots up. It also changes access rights to infected files and registry keys so the user can't touch them and disables a number of services. It also blocks access to a number of domains relating to security matters to further hinder the user. In fact it seems to do quite a lot.

More about the worm from F-Secure and The Register.

So. If you're running Windows, is your machine patched and up to date?

Microsoft Security Bulletin

Updated 20/01/2009

It's still spreading - but as yet there's no obvious malicious payload - possibly the miscreants have left it too late now the eyes of the world are upon them. There is always the chance however that someone else will tap into it for malicious purposes.

The Register are reporting that the MoD are having problems - possibly related?

And hospitals in Sheffield are infected after automatic updates were disabled. This seemingly barmy management decision was made after problems were experienced with PCs in operating theatres rebooting themselves. Well, durrr.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
