Network Worms are Back

05 December 2008

If you thought the age of mass infections via network worm was over, think again. A worm exploiting a recently patched Windows flaw has infected at least half a million machines in a couple of weeks, according to experts.

We covered the release of Downadup (also known as Conficker) last week. The worm exploits MS08-067, a flaw in the RPC interface of the Windows Server service that is reachable over SMB on TCP port 445, so it spreads with no user interaction at all. Once a machine is compromised it starts a small HTTP server of its own, and each newly exploited host is directed to that server to fetch its copy of the worm.
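The spreading behaviour described above leaves a simple network signature: one host opening SMB connections to many distinct peers in a short time. The following is an added example (not code from the article or from Trend Micro) of that fan-out check run over a handful of constructed connection records; the log format, the 60-second window and the five-target threshold are assumptions chosen for illustration.

```python
"""Fan-out detection for worm-style SMB (TCP/445) scanning.

Added example, not from the article. Assumed log format per line:
"<ISO timestamp> <src ip> <dst ip> <dst port>".
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real traffic). 10.0.0.7 sprays port 445 at
# many distinct hosts within seconds, as an MS08-067 worm does; 10.0.0.5 talks
# to a single file server repeatedly, which is normal; 10.0.0.9 touches three
# hosts but spread over minutes, below the per-window threshold.
SAMPLE_LOG = """\
2008-12-05T10:00:00 10.0.0.9 10.0.1.30 445
2008-12-05T10:00:01 10.0.0.5 10.0.1.20 445
2008-12-05T10:00:02 10.0.0.5 10.0.1.20 445
2008-12-05T10:00:03 10.0.0.7 10.0.1.1 445
2008-12-05T10:00:04 10.0.0.7 10.0.1.2 445
2008-12-05T10:00:05 10.0.0.7 10.0.1.3 445
2008-12-05T10:00:06 10.0.0.7 10.0.1.4 445
2008-12-05T10:00:07 10.0.0.7 10.0.1.5 445
2008-12-05T10:00:08 10.0.0.7 10.0.1.6 445
2008-12-05T10:00:09 10.0.0.7 10.0.1.7 445
2008-12-05T10:00:10 10.0.0.7 10.0.1.8 445
2008-12-05T10:00:11 10.0.0.7 10.0.1.50 80
2008-12-05T10:00:12 10.0.0.5 10.0.1.20 445
2008-12-05T10:03:00 10.0.0.9 10.0.1.31 445
2008-12-05T10:06:00 10.0.0.9 10.0.1.32 445
"""


def parse(log):
    """Turn the assumed log format into (timestamp, src, dst, dport) tuples."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return records


def find_scanners(records, port=445, window_s=60, min_targets=5):
    """Return {src: peak distinct targets} for every source that contacted at
    least `min_targets` distinct hosts on `port` inside some window_s span.

    A sliding window over each source's time-sorted events; the set of
    distinct destinations is recomputed per window, which is fine for a
    demo and easy to read, but a real sensor would keep counts incrementally.
    """
    by_src = defaultdict(list)
    for ts, src, dst, dport in records:
        if dport == port:
            by_src[src].append((ts, dst))

    hits = {}
    for src, events in by_src.items():
        events.sort()
        lo, best = 0, 0
        for hi in range(len(events)):
            while (events[hi][0] - events[lo][0]).total_seconds() > window_s:
                lo += 1
            distinct = len({dst for _, dst in events[lo:hi + 1]})
            best = max(best, distinct)
        if best >= min_targets:
            hits[src] = best
    return hits


if __name__ == "__main__":
    for src, n in find_scanners(parse(SAMPLE_LOG)).items():
        print(f"{src}: {n} distinct SMB targets inside one window, investigate")
```

Only the sprayer is reported; the port-80 connection from the same host is ignored because the check is keyed to 445, and the file-server chatter never exceeds one distinct destination. Tune the window and threshold to your own baseline, since a legitimate vulnerability scanner or backup server will trip the same rule.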

Ivan Macalintal, a researcher at Trend Micro Advanced Threats, said the speed of the infection recalled the bad old days of self-propagating network worms that infected machines en masse. The last worm to achieve that kind of reach was Zotob, which spread widely in August 2005 through another Windows RPC flaw reachable over port 445 (the Plug and Play vulnerability fixed by MS05-039). Since then, malware infection vectors have shifted to web applications and 'drive-by downloads'.

"We should not be too complacent about these old mechanisms of malware infection being used again," he added, emphasising the importance of applying security patches. Microsoft released the fix, MS08-067, as an out-of-band update on 23 October, but many organisations have not applied it, or have downloaded it and never restarted the machines, which leaves the vulnerable service running.

There is also evidence that the malware (which Trend Micro identifies as WORM_DOWNAD.A) is designed to check back in for further downloads at set times in the future. "The worm generates a randomised version of itself and it has the ability to generate future domains according to the date and time," said Macalintal. Because every infected machine derives the same list of domain names from the current date, its operators only need to register one of them in time for the bots to find a command and control server and download more malware, even if their existing servers have been taken offline, as happened last month when the hosting provider McColo, which housed several botnets' control servers, was cut off from the internet. "This is a plan that was laid out before they put the code in the wild," Macalintal concluded.
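The date-driven domain generation Macalintal describes cuts both ways: whoever knows the algorithm can compute tomorrow's domains today. The following is an added example, not the Downadup/Conficker algorithm and not code from the article or Trend Micro. It shows an illustrative date-seeded generator together with the defender's counter-move of precomputing the list and matching it against DNS query logs; the seed format, alphabet, TLD set, domain count and log format are all assumptions.

```python
"""Illustrative date-seeded domain generation and the defender's counter-move.

Added example. Not the real worm's algorithm; every parameter here is assumed.
"""
import hashlib
from datetime import date, timedelta

TLDS = ["com", "net", "org", "info", "biz"]  # assumed set of TLDs
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
DOMAINS_PER_DAY = 50                          # assumed count per day


def generate_domains(day, count=DOMAINS_PER_DAY):
    """Deterministically derive `count` rendezvous domains for `day`.

    Every copy of the malware, and every defender with the algorithm, arrives
    at the same list, so no live server needs to be hard-coded in the binary.
    The derivation (SHA-256 over "<date>:<index>") is an assumption.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 5                     # 8..12 characters
        name = "".join(ALPHABET[b % 26] for b in digest[1:1 + length])
        domains.append(f"{name}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def precompute_blocklist(start, days):
    """Defender side: the list for any future date is knowable in advance, so
    the domains can be sinkholed, registered or blocked before bots try them."""
    block = set()
    for n in range(days):
        block.update(generate_domains(start + timedelta(days=n)))
    return block


def flag_queries(dns_log, blocklist):
    """Return (client, qname) pairs from a DNS log that hit the blocklist.

    Assumed log format per line: "<timestamp> <client ip> <queried name>".
    """
    hits = []
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        _, client, qname = line.split()[:3]
        if qname.lower().rstrip(".") in blocklist:
            hits.append((client, qname))
    return hits


def build_sample_log():
    """Constructed DNS log (not real data): ordinary lookups plus one query for
    a domain the generator produces for 2008-12-06."""
    generated = generate_domains(date(2008, 12, 6))[3]
    return "\n".join([
        "2008-12-05T23:58:00 10.0.0.5 www.example.com",
        "2008-12-05T23:59:00 10.0.0.5 mail.example.net",
        f"2008-12-06T00:00:05 10.0.0.7 {generated}.",
        "2008-12-06T00:00:06 10.0.0.5 www.example.org",
    ])


if __name__ == "__main__":
    blocklist = precompute_blocklist(date(2008, 12, 5), days=7)
    for client, qname in flag_queries(build_sample_log(), blocklist):
        print(f"{client} asked for generated domain {qname}: likely infected")
```

The real worm's domain count, character set and TLDs differ from these assumptions, and reversing its generator from the binary is the first step of the defence; once that is done, the same precompute-and-match loop gives both a blocklist for the resolver and a list of infected clients from the DNS logs. Note the trailing-dot normalisation when matching: resolver logs often record fully qualified names.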

This article is featured in:
Internet and Network Security