Sunday, May 3, 2009

5-1 Weekly Written Analysis

A malicious software program known as Conficker, which many feared would wreak havoc on April 1, 2009, is slowly being activated weeks after being dismissed as a false alarm. Conficker, also known as Downadup or Kido, is considered one of the most sophisticated viruses, quietly turning thousands of personal computers into servers of e-mail spam and installing spyware on unsuspecting personal computers.

The worm started spreading late last year, infecting millions of computers, allowing them to respond to commands sent from a remote server that could effectively control an army of computers. The Conficker worm is especially tricky because it can evade corporate firewalls by passing from an infected machine onto a USB memory stick, then onto another PC.
Its unidentified creators started using those machines for criminal purposes in recent weeks by loading more malicious software onto a small percentage of computers under their control. Fortunately, as far as computer viruses go, the number of infected computers that have become active is relatively small. Many experts believe, however, that the Conficker virus is just getting started, installing a second virus, known as “Waledac”, which sends out e-mail spam without the knowledge of the PC's owner, along with a fake anti-spyware program. Conficker also carries a third virus that warns users their PCs are infected and offers them a fake anti-virus program, Spyware Protect 2009, for $49.95. If they buy it, their credit card information is stolen and the virus downloads even more malicious software (Wikipedia).

The first variant of Conficker, discovered in early November 2008, propagated through the Internet by exploiting vulnerabilities in the network services of several Microsoft Windows products. A second variant of the worm, discovered in December 2008, added the ability to propagate via removable media and network shares. Researchers believe that these were decisive factors in allowing the worm to propagate quickly: by January 2009, the estimated number of infected computers ranged from almost 9 million to 15 million. Antivirus software vendor Panda Security reported that of the 2 million computers analyzed through ActiveScan, around 115,000 (6%) were infected with Conficker (Wikipedia).

Many researchers familiar with the virus feared that the networks controlled by the Conficker worm might be deployed on April 1, since the worm, which surfaced last year, was programmed to increase communication attempts from that date. The good news is that the security industry formed a task force to fight the worm, bringing widespread attention that experts said probably scared off the criminals who were responsible for the virus.

References

(Wikipedia) http://en.wikipedia.org/wiki/Conficker

1 comment:

  1. Mark,

    I remember hearing about this report on the news; it caused much concern for computer owners. CNN reported that if you turned off your computer or disconnected from the Internet, the moment you reconnected the worm could still invade your firewalls. Very informative, good post!
