Conficker still a threat, says Working Group

14 June 2010

The Conficker worm continues to be a threat and businesses need to be aware of two vulnerabilities it may have introduced to their IT systems, says an industry group set up to combat the malware.

"Conficker typically disables the automatic updates for the Microsoft Windows operating system and turns off traditional anti-virus, but few business organisations are aware of this", Rodney Joffe, director of the Conficker Working Group, told Computer Weekly.

Criminals can identify all IP addresses infected by the Conficker worm and the date infection occurred, he said.

From this information, they will know the vulnerabilities of these IP addresses. They are likely to be vulnerable because they have not received Microsoft security updates from the date of infection and have probably had all AV systems disabled, said Rodney Joffe.

Once a potentially vulnerable IP address is known, criminals can use reverse-mapping technology to identify the organisation that IP address belongs to. Criminals can then use the IP address as a way of launching attacks on other machines behind the organisation's firewall, he said.

Just because there have been no big attacks linked to Conficker since April 2009, it is dangerous to assume that nothing is happening, said Joffe.

It would be stupid for criminals not to use Conficker and it is possible the machines dropping off the Conficker Working Group's regular scans are being sold to others to use as potential targets because most machines infected with Conficker are likely to be susceptible to other attack methods, he said.

The only way organisations can be sure they are not vulnerable is to contact one of the members of the Conficker Working Group to check whether their IP addresses are being picked up in the organisation's scans, said Joffe. Organisations can do this free of charge.

Businesses and other organisations can also use standalone disinfection tools and check their firewall logs to see if any of the machines within their network have attempted to make any unauthorised connections to Conficker command and control centres, he said.

Only through a concerted effort using this approach has the US Federal network been able to reduce the number of infected machines from thousands to below 50, said Joffe.

This story was first published by Computer Weekly