Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43434
  • Total Topics: 16528
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2949
Total: 2952









Author Topic: Conficker zombie celebrate 'activation' anniversary (Kido, Spyware Protect 2009)  (Read 2294 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Thursday marks the first anniversary of the much hyped Conficker trigger date. Little of note happened on 1 April 2009 and machines infected by Conficker (aka Downadup) remain largely dormant, but an estimated 6.5 million Windows PCs remain infected with the threat.

These machines are "wide open to further attacks", net security firm Symantec warns.

The rascals behind the worm remain unknown and the purpose of the malware unclear. Some in the anti-virus industry, such as Raimund Genes, CTO of Trend Micro, reckon the malware was designed to distribute scareware (fake anti-virus scanners designed to nag victims into buying software of little or no utility, often on the basis of false warnings of Trojan infection).

Machines infected with the C variant of Conficker subsequently became infected with Spyware Protect 2009 (a scareware package) and the Waledac botnet client, a factor that supports this theory. Infected machines are closely monitored by law enforcement and by members of the Conficker Working Group, a factor that goes a long way towards explaining why crooks have not used the huge botnet under their control to send spam, launch a denial of service attack or any other form of high visibility attack: http://www.confickerworkinggroup.org/wiki/

The first version of Conficker began spreading in November 2008, initially using a recently patched Microsoft Windows vulnerability to infect systems. Later its capability of jumping from infected USB sticks onto PCs or via weakly secured network shares became more important. Early victims included the Houses of Parliament, the Ministry of Defence and Manchester City Council.

More recently Greater Manchester Police, which was forced to unplug itself from the Police National Computer for five days in February in order to carry out a clean-up operation, and several hospitals in the UK were laid low by Conficker. Orla Cox, security operations manager at Symantec Security Response, said that “Conficker may not be the biggest known botnet on the block, but it still has the potential to do serious harm”.

Approximately 6.5 million systems are still infected with either the A or B variants of Conficker. The C variant, which used a P2P method of spreading, has been slowly dying out over the past year as victims clean up their systems.

Around 210,000 machines are reckoned to be infected with this variant, down from an April 2009 peak of 1.5 million victims. Another variant, Conficker-E, emerged on last April but was programmed to delete from infected systems a month later and has all but disappeared.

Symantec has published a video charting the evolution of Conficker. The clip also runs through a list of suggested countermeasures, such as keeping systems fully patched and running up to date anti-virus (natch).

(Reg.)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023