'Huge increase' in worm attacks plague unpatched Windows PCs

2 comments | 8I like it!
January 12, 2009, 08:43 PM —  Computerworld — 

A computer worm that exploits a Windows bug Microsoft Corp. patched more than two months ago continues to wreak havoc, a security company said Monday, as it boosted its overall threat ranking and warned users to patch their PCs.

"We've seen a huge increase in the number of [malware] samples, as well as infections," said Ryan Sherstobitoff, chief corporate evangelist at Panda Security, referring to the "Conficker.c" worm.

In response, Panda upped its Global ThreatWatch to "orange" status, a move that means the company believes users face "an important danger."

The worm, which was first reported by Panda and other security companies on Dec. 31, 2008, exploits a vulnerability in the Windows Server service that's part of all currently supported versions of Microsoft's operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.

Microsoft issued an emergency patch Oct. 23 to fix the flaw with one of its rare "out of cycle" updates.

Conficker.c, said Sherstobitoff, pings machines with malformed RPC (remote procedure call) packets in the hope of finding PCs not yet patched with the October update. The worm can also spread via brute-force attacks against systems' usernames and passwords, and from an infected PC to a USB-based device, such as a flash drive or digital camera, on which it then hitchhikes to another computer.

Once on a system, the worm downloads new versions of itself from a rapidly changing list of malicious Web sites, tries to block most security software updates, and installs more malware on the machine.

"The biggest issue is replication over the network," said Sherstobitoff, who added that the USB attack vector, while serious, has so far played just a small part in the overall picture.

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

I like it!
Close

On Twitter now

security

Powered by Twitter
You are logged in | Sign out
Sign in and post to Twitter

What are you thinking?

Cancel Tweet sent

On Twitter now

Comments

Just a Little

Just a little late with this article. The infestation of downadup.b has been growing for the past week at a alarming rate. I have been removing this worm from machines for the past week. All I have to say is any effected machine should be removed from the network due to the broadcasting of this virus.
| reply

バッテリー

大阪でバッテリー販売。 セルモーターリビルト。 オルタネーターリビルト。リビルト在庫多数。大阪で電装品販売。リンク品在庫多数。大阪でウイング車モーター修理・販売・在庫多数。大阪でパワーゲート車モーター修理・販売・在庫多数。
| reply
peer-to-peer

Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers

Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal

Tom Henderson
Top Ten General Operating Systems Rants

pasmith
PS3 motion controller delayed; goes up against Project Natal

sjvn
Neolithic Windows security hole alive and well in Windows 7

claird
Perl source code comparison makes for good reading

mikelgan
Cell phones don't create stress or interrupt much

Sandra Henry-Stocker
How to: The Unix Interview

 

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

The Daily TipQuick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

I would like to receive offers via email from ITworld partners.
By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.
Marketplace