Friday, January 16th 2009

New Windows Worm-Attack Most Severe in Recent Times

Some of the most severe worm attacks in memory include the infamous w32.nimda, w32.sasser and w32.blaster, all pieces of software that affected Windows PCs and their ever-fragile defenses against new forms of malware. Enter Downadup, also known as the Conficker worm, which targets Windows PCs and servers. Mikko Hypponen, chief research officer at anti-virus firm F-Secure, points to the possibility that this new worm originated in Ukraine, after the security software firm reverse-engineered it. The worm is said to have a unique "phone back home" property that makes it potentially dangerous to leave on an infected machine, as it could steal and send back vital or confidential data. The worm transmits itself across local networks and across wide-area networks over the internet, scanning for and infecting as many machines as it finds. Microsoft, for its part, had dispatched a security update (MS08-067) for all its current Windows operating systems that fixes the vulnerability the worm takes advantage of; it is available via Microsoft Update.

The infection rate of this worm is severe to very severe. Corporate networks are the worst hit, despite usually having the best security measures in place. "On Tuesday there were 2.5 million, on Wednesday 3.5 million and today [Friday], eight million. It's getting worse, not better," said F-Secure's Hypponen. The makers of the worm have put in a great deal of work to ensure it is difficult to detect and remove. Not much more is known about the purpose of this worm, except that it steals data and replicates itself at phenomenal rates. While the worm doesn't send itself at random over the internet or by e-mail, on home and corporate networks it immediately scans for and discovers new machines to infect. The worm also has the intelligence to guess passwords for password-locked shares. The best way to counter this worm is by securing your networks, downloading and applying Microsoft's patch to all machines on the network, and setting tough, long alphanumeric passwords for your network resources such as routers and shares. Individual machines are easy to disinfect, but large corporate networks with layers of security are not. The problem is for companies with thousands of infected machines, which can become re-infected from just one computer even as they are being cleared.

Source: CNN

30 Comments on New Windows Worm-Attack Most Severe in Recent Times

#1
exodusprime1337
thanks btarunr for posting this, good information to have early. makes me wonder why more people aren't forum browsers. you get info pretty quick here.
Posted on Reply
#2
kenkickr
They're too caught up with Facebook, MySpace, and IMVU!! All junk if you ask me!
Posted on Reply
#3
Mussels
Moderprator
sigh. another reason to insist my housemates get an antivirus. They seem to think that by not clicking email attachments they're safe.


So far, there is no windows update in windows 7 beta unless it was included in the one for windows defender.
Posted on Reply
#4

Corporate networks have the best security measures? :laugh:

There is nothing on my XP64 windows update page, was the patch just released today, or might I have already installed it 2-3 days ago?
Posted on Edit | Reply
#5
mlee49
by: btarunr
... and setting tough, long alphanumeric passwords for your network resources such as routers a...
That's how I have my router, my 10 digit phone number is my pass.
Posted on Reply
#7
Weer
I used to be afraid of viruses. Now I just keep the Windows install disk handy.
Posted on Reply
#8
Mussels
Moderprator
by: mlee49
That's how I have my router, my 10 digit phone number is my pass.
and you just failed at security, for telling people who know you what your password is.

passwords should always contain letters and numbers, and if you want it secure use symbols and a mix of capital and lower case letters.

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Microsoft page with links to the updates to block the worm.
Posted on Reply
#9
FordGT90Concept
"I go fast!1!11!1!"
by: insider
Corporate networks have the best security measures? :laugh:

There is nothing on my XP64 windows update page, was the patch just released today, or might I have already installed it 2-3 days ago?
Yeah, I got I think three updates a day or two ago on XP64/Server 2k3 x64. I don't know if it addresses this problem though. :confused:
Posted on Reply
#10
Mussels
Moderprator
according to the link i listed above, MS was made aware of this a month or two ago and worked on a fix.

Assume that if you are up to date with windows updates and you have a real antivirus, that you are safe.
Posted on Reply
#11

I think it might have been released a few days ago on the update site, either way it won't be able to infect our standalone/small LAN systems assuming you configure it like mine :D
Posted on Edit | Reply
#12
mlee49
by: Mussels
and you just failed at security, for telling people who know you what your password is.

passwords should always contain letters and numbers, and if you want it secure use symbols and a mix of capital and lower case letters.
If you can find my phone # you deserve access to my router. I never said which phone number I use, nor the exact order now did I ;)
Posted on Reply
#13
Mussels
Moderprator
by: mlee49
If you can find my phone # you deserve access to my router. I never said which phone number I use, nor the exact order now did I ;)
one of my friends did the same thing, bragging how it was based on his phone number. didn't take me long to get his housemate's mobile, and grab the house and mobile numbers from it and get access to his router and internet..
Don't forget that hackers/some viruses have automated tools - if they know it's based on your phone numbers they can just add those and let a brute force attacker do the rest.

I generate my passwords with uhh, quantum physics calculations and uhh.. klingon proverbs. hack that :) (misdirection ftw!)
Posted on Reply
#14
Castiel
I just found a update and I am installing now.
Posted on Reply
#15
mlee49
by: Mussels
one of my friends did the same thing, bragging how it was based on his phone number. didn't take me long to get his housemate's mobile, and grab the house and mobile numbers from it and get access to his router and internet..
Don't forget that hackers/some viruses have automated tools - if they know it's based on your phone numbers they can just add those and let a brute force attacker do the rest.

I generate my passwords with uhh, quantum physics calculations and uhh.. klingon proverbs. hack that :) (misdirection ftw!)
Yeah most viruses run massive barrages of attempts to hack a password, but a 10 digit number has millions of variants that would take an abnormally long time to crack. Even if you knew the 10 numbers it would take a crazy long time.

I'll reconsider my password as now I feel inferior to your quantum physics calculations. :wtf:


Password fail is normally due to people having the same password for multiple accounts, I know people that use the same password for multiple access points and this is screaming total rape if someone cracked their pass.
Posted on Reply
#16
Delta6326
well that sucks for whoever gets it but I'm pretty sure I can't get it, if I'm right I really can't get any virus, my internet comes from a metal rod on my roof and I get internet from cell towers and my IP changes all the time, but I really don't know a lot about worms or viruses or how you get them
Posted on Reply
#17
Mussels
Moderprator
by: Delta6326
well that sucks for whoever gets it but I'm pretty sure I can't get it, if I'm right I really can't get any virus, my internet comes from a metal rod on my roof and I get internet from cell towers and my IP changes all the time, but I really don't know a lot about worms or viruses or how you get them
worms don't care how fancy your password is, or if your internet comes from magic beans.

Your browser had to open a port to type the message you just typed, and have it appear online - that port is now open for a worm to pass out of. The same is true for them to pass back IN.

A good all in one AV and firewall is all you need to be safe, and windows updates block these really big ones anyway.

worms aren't the same as a regular virus as they don't need you to click an exe or view a website, they just need a connection to your PC and they'll happily borrow another program's connection to do so.

(and of course i was kidding about the quantum physics password. mine are just numbers and letters)
Posted on Reply
#18
NeSeNVi
from the link:
"Microsoft Security Bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Published: October 23, 2008"

so insider, you probably have had that update for a long time ;)
Posted on Reply
#19
OnBoard
Seems there are a lot of unupdated systems around the world. Downloaded the patch and it said 'doesn't apply to our system' then read this

Quick Details
File Name: Windows6.0-KB958644-x64.msu
Date Published: 10/22/2008

Don't have automatic updates on, but even my manual update cycle isn't that long :)
Posted on Reply
#21
woozers
how come there is an update for wxp sp2 but isn't for sp3?
Posted on Reply
#22
z1tu
just changed my password to one that is a serial number from a random bill :D hack that ... 11 digit even
Posted on Reply
#23
Haytch
I think it's time you all change your passwords. <--< Nothing like some paranoia.

This worm seems effective and efficient, I like it. Reminds me of Cisco's speed.
Posted on Reply
#24
DRDNA
by: mlee49
Even if you knew the 10 numbers it would take a crazy long time.

.
there's a program that runs on GPUs that would do it pretty damn fast :eek:
Posted on Reply
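
The arithmetic behind the password discussion in the comments above, as an added example that is not part of any commenter's post: it compares the search space of a digits-only password with a mixed-class one of the same length, and counts the orderings left when the digits are known but not their order. The guess rate and the sample passwords are assumptions constructed for illustration.

```python
import math
import string
from collections import Counter

# Assumed offline guess rate, for illustration only (not a measured figure).
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000

CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)


def alphabet_size(password):
    """Total size of the character classes the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password):
    """Candidates to cover when only length and classes are known."""
    return alphabet_size(password) ** len(password)


def orderings_of_known_chars(password):
    """Candidates left when the characters are known but not their order:
    distinct permutations of a multiset, n! / (c1! * c2! * ...)."""
    total = math.factorial(len(password))
    for count in Counter(password).values():
        total //= math.factorial(count)
    return total


def report(label, password, rate=ASSUMED_GUESSES_PER_SECOND):
    ks = keyspace(password)
    return {
        "label": label,
        "alphabet": alphabet_size(password),
        "keyspace": ks,
        "bits": round(math.log2(ks), 1),
        "known_chars_orderings": orderings_of_known_chars(password),
        "worst_case_seconds": ks / rate,
    }


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    for label, pw in [("10-digit phone number", "5550142367"),
                      ("10 chars, mixed classes", "tR7#qLm2!x")]:
        print(report(label, pw))
```

At the assumed rate the digits-only sample is exhausted in seconds, while the mixed-class sample of the same length has a search space billions of times larger.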
#25
Mussels
Moderprator
by: woozers
how come there is an update for wxp sp2 but isn't for sp3?
SP3 probably includes the fix anyway. same reason why 7 doesn't have a fix.
Posted on Reply