Friday, January 16th 2009
New Windows Worm-Attack Most Severe in Recent Times
Some of the most severe worm attacks in memory include the infamous w32.nimda, w32.sasser and w32.blaster: all pieces of software targeting Windows PCs and their ever-fragile defenses against new forms of malware. Enter Downadup, aka the Conficker worm. This worm targets Windows PCs and servers. Mikko Hypponen, chief research officer at anti-virus firm F-Secure, points to the possibility that this new worm originated in Ukraine, after the security software firm reverse-engineered it. It is said to have a unique "phone back home" property that makes it dangerous to leave on an infected machine, as it could steal and send back vital or confidential data. The worm transmits itself across local networks and across wide-area networks over the internet, scanning for and infecting as many machines as it finds. Microsoft, for its part, had already released a security update for all its current Windows operating systems (MS08-067) that fixes the vulnerability the worm exploits; it is available via Microsoft Update.
The infection rate of this worm is severe to very severe. Corporate networks are the worst hit, despite them usually having the best security measures in place. "On Tuesday there were 2.5 million, on Wednesday 3.5 million and today [Friday], eight million. It's getting worse, not better," said F-Secure's Hypponen. The makers of the worm have put in a great deal of work to make it difficult to detect and remove. Not much more is known about the purpose of this worm, except that it steals data and replicates itself at a phenomenal rate. While the worm does not spread by itself at random across the internet or by e-mail, on home and corporate networks it immediately scans for and discovers new machines to infect. The worm can also guess passwords for password-protected shares. The best way to counter this worm is to secure your networks, download and apply Microsoft's patch to every machine on the network, and set tough, long alphanumeric passwords on network resources such as routers and shares. Individual machines are easy to disinfect, but large corporate networks with layers of security are not. The problem is for companies with thousands of infected machines, which can be re-infected from just one computer even as they are being cleaned.
Source:
CNN
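The share-password guessing described above leaves a trail of failed network logons on the targeted file servers. The following is an added detection example, not code from the article or from F-Secure: it runs over constructed sample events in a simplified key=value form (the field names, hosts and thresholds are assumptions) and flags any source host that fails logons against many different accounts within a short window.

```python
"""Flag hosts producing bursts of failed network logons against many accounts,
the pattern a share-password-guessing worm leaves in the Windows Security log.
Added example with constructed sample data; not code from the article."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified key=value form (not real log output).
# EventID 4625 is the Vista+ failed-logon event; LogonType 3 means a network logon.
SAMPLE_LOG = """\
2009-01-16T10:00:01 EventID=4625 LogonType=3 User=admin Src=10.0.0.7 Target=FS01
2009-01-16T10:00:02 EventID=4625 LogonType=3 User=admin Src=10.0.0.7 Target=FS01
2009-01-16T10:00:02 EventID=4625 LogonType=3 User=backup Src=10.0.0.7 Target=FS01
2009-01-16T10:00:03 EventID=4625 LogonType=3 User=test Src=10.0.0.7 Target=FS01
2009-01-16T10:00:04 EventID=4625 LogonType=3 User=guest Src=10.0.0.7 Target=FS01
2009-01-16T10:00:05 EventID=4625 LogonType=3 User=alice Src=10.0.0.7 Target=FS02
2009-01-16T10:00:09 EventID=4624 LogonType=3 User=bob Src=10.0.0.9 Target=FS01
2009-01-16T10:05:00 EventID=4625 LogonType=3 User=carol Src=10.0.0.9 Target=FS01
2009-01-16T11:00:00 EventID=4625 LogonType=3 User=carol Src=10.0.0.9 Target=FS01
"""


def parse(line):
    """Split one sample line into a dict; the timestamp becomes rec['ts']."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def suspicious_sources(log_text, window=timedelta(seconds=60), threshold=5, min_users=3):
    """Return {source_ip: (failures, distinct_users)} for every source whose failed
    network logons in some sliding window reach `threshold` while spanning at least
    `min_users` accounts. One host trying many accounts is guessing, not a typo."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec["EventID"] == "4625" and rec["LogonType"] == "3":
            events[rec["Src"]].append((rec["ts"], rec["User"]))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            span = evs[start:end + 1]
            users = {user for _, user in span}
            if len(span) >= threshold and len(users) >= min_users:
                if len(span) > hits.get(src, (0, 0))[0]:  # keep the largest burst
                    hits[src] = (len(span), len(users))
    return hits
```

The thresholds are deliberately low for the sample; on a real domain they should be tuned above the normal rate of mistyped passwords so that a single user locking themselves out is not reported.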
30 Comments on New Windows Worm-Attack Most Severe in Recent Times
So far, there is no Windows update in Windows 7 beta unless it was included in the one for Windows Defender.
There is nothing on my XP64 Windows Update page. Was the patch just released today, or might I have already installed it 2-3 days ago?
www.viruslist.com/en/alerts?alertid=203996089
insider: corporate networks are more secure than the average home network... in theory at least.
Passwords should always contain letters and numbers, and if you want them secure, use symbols and a mix of capital and lower case letters.
www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Microsoft page with links to the updates to block the worm.
Assume that if you are up to date with Windows updates and you have a real antivirus, you are safe.
Don't forget that hackers/some viruses have automated tools - if they know it's based on your phone numbers they can just add those and let a brute-force attacker do the rest.
I generate my passwords with uhh, quantum physics calculations and uhh.. Klingon proverbs. Hack that :) (misdirection ftw!)
I'll reconsider my password as now I feel inferior to your quantum physics calculations. :wtf:
Password fail is normally due to people having the same password for multiple accounts, I know people that use the same password for multiple access points and this is screaming total rape if someone cracked their pass.
Your browser had to open a port to type the message you just typed, and have it appear online - that port is now open for a worm to pass out of. The same is true for them to pass back IN.
A good all-in-one AV and firewall is all you need to be safe, and Windows updates block these really big ones anyway.
Worms aren't the same as a regular virus, as they don't need you to click an exe or view a website; they just need a connection to your PC and they'll happily borrow another program's connection to do so.
(And of course I was kidding about the quantum physics password. Mine are just numbers and letters.)
"Microsoft Security Bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Published: October 23, 2008"
So insider, you probably have had that update for a long time ;)
Quick Details
File Name: Windows6.0-KB958644-x64.msu
Date Published: 10/22/2008
Don't have automatic updates on, but even my manual update cycle isn't that long :)
This worm seems effective and efficient, I like it. Reminds me of Cisco's speed.