New Windows Worm-Attack Most Severe in Recent Times

Discussion in 'News' started by btarunr, Jan 17, 2009.

  1. btarunr

    btarunr Editor & Senior Moderator Staff Member

    Some of the most severe worm attacks in memory include the infamous w32.nimda, w32.sasser and w32.blaster: all pieces of software affecting Windows PCs, and their ever-fragile defenses against new forms of malware. Enter Downadup, aka the Conficker worm. This worm targets Windows PCs and servers. Mikko Hypponen, chief research officer at anti-virus firm F-Secure, points to the possibility of this new worm originating from Ukraine, after the security software firm reverse-engineered the virus. It is said to have a unique "phone back home" property that makes it potentially dangerous to let stay on an infected machine, as it could steal and send back vital/confidential data. The worm transmits itself across local networks and wide-area networks over the internet, scanning for and infecting as many machines as it finds. Microsoft, for its part, had dispatched a security update for all its current Windows operating systems (MS08-067) that fixes the vulnerability the worm takes advantage of, available via Microsoft Update.

    The infection rate of this worm is severe to very severe. Corporate networks are the worst hit despite them - usually - having the best security measures in place. "On Tuesday there were 2.5 million, on Wednesday 3.5 million and today [Friday], eight million. It's getting worse, not better," said F-Secure's Hypponen. The makers of the worm have put in a great deal of work to ensure it is difficult to detect and remove. Not much more is known about the purpose of this worm, except that it steals data and replicates itself at phenomenal rates. While the worm doesn't send itself stray over the internet or by e-mail, for home and corporate networks, it immediately scans and discovers new machines to infect. The worm also has the intelligence to guess passwords for password-locked shares. The best way to counter this worm is by securing your networks, downloading and applying Microsoft's patch to all machines of the network, and setting tough, long alphanumeric passwords for your network resources such as routers and shares. Individual machines are easy to disinfect, but not large corporate networks with layers of security. The problem is for companies with thousands of infected machines, which can become re-infected from just one computer even as they are being cleared.

    Source: CNN
     
    Last edited: Jan 17, 2009
    FilipM, DonInKansas, CDdude55 and 4 others say thanks.
  2. exodusprime1337

    exodusprime1337

    Thanks btarunr for posting this, good information to have early. Makes me wonder why more people aren't forum browsers. You get info pretty quick here.
     
  3. kenkickr

    kenkickr

    They're too caught up with Facebook, MySpace, and IMVU!! All junk if you ask me!
     
    Crunching for Team TPU
  4. Mussels

    Mussels Moderprator Staff Member

    sigh. another reason to insist my housemates get an antivirus. They seem to think that by not clicking email attachments they're safe.


    So far, there is no windows update in windows 7 beta unless it was included in the one for windows defender.
     
  5. insider Guest

    Corporate networks have the best security measures? :laugh:

    There is nothing on my XP64 windows update page, was the patch just released today, or might I have already installed it 2-3 days ago?
     
  6. mlee49

    mlee49

    That's how I have my router, my 10-digit phone number is my pass.
     
  7. Mussels

    Mussels Moderprator Staff Member

  8. Weer New Member

    I used to be afraid of viruses. Now I just keep the Windows install disk handy.
     
  9. Mussels

    Mussels Moderprator Staff Member

    and you just failed at security, for telling people who know you what your password is.

    passwords should always contain letters and numbers, and if you want it secure use symbols and a mix of capital and lower case letters.

    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

    Microsoft page with links to the updates to block the worm.
     
    Last edited: Jan 17, 2009
    btarunr says thanks.
  10. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Yeah, I got I think three updates a day or two ago on XP64/Server 2k3 x64. I don't know if it addresses this problem though. :confused:
     
    Crunching for Team TPU
  11. Mussels

    Mussels Moderprator Staff Member

    according to the link i listed above, MS was made aware of this a month or two ago and worked on a fix.

    Assume that if you are up to date with Windows updates and you have a real antivirus, that you are safe.
     
  12. insider Guest

    I think it might have been released a few days ago on the update site, either way it won't be able to infect our standalone/small LAN systems assuming you configure it like mine :D
     
  13. mlee49

    mlee49

    If you can find my phone # you deserve access to my router. I never said which phone number I use, nor the exact order now did I ;)
     
  14. Mussels

    Mussels Moderprator Staff Member

    One of my friends did the same thing, bragging how it was based on his phone number. Didn't take me long to get his housemate's mobile, and grab the house and mobile numbers from it and get access to his router and internet..
    Don't forget that hackers/some viruses have automated tools - if they know it's based on your phone numbers they can just add those and let a brute force attacker do the rest.

    I generate my passwords with uhh, quantum physics calculations and uhh.. klingon proverbs. hack that :) (misdirection ftw!)
     
  15. Castiel

    Castiel

    I just found an update and I am installing now.
     
  16. mlee49

    mlee49

    Yeah most viruses run massive barrages of attempts to hack a password, but a 10-digit number has millions of variants that would take an abnormally long time to crack. Even if you knew the 10 numbers it would take a crazy long time.

    I'll reconsider my password as now I feel inferior to your quantum physics calculations. :wtf:


    Password fail is normally due to people having the same password for multiple accounts, I know people that use the same password for multiple access points and this is screaming total rape if someone cracked their pass.
     
  17. Delta6326

    Delta6326

    Well that sucks for whoever gets it, but I'm pretty sure I can't get it. If I'm right I really can't get any virus: my internet comes from a metal rod on my roof and I get internet from cell towers and my IP changes all the time, but I really don't know a lot about worms or viruses or how you get them.
     
  18. Mussels

    Mussels Moderprator Staff Member

    Worms don't care how fancy your password is, or if your internet comes from magic beans.

    Your browser had to open a port to type the message you just typed, and have it appear online - that port is now open for a worm to pass out of. The same is true for them to pass back IN.

    A good all-in-one AV and firewall is all you need to be safe, and Windows updates block these really big ones anyway.

    Worms aren't the same as a regular virus as they don't need you to click an exe or view a website, they just need a connection to your PC and they'll happily borrow another program's connection to do so.

    (And of course I was kidding about the quantum physics password. Mine are just numbers and letters.)
     
  19. NeSeNVi New Member

    from the link:
    "Microsoft Security Bulletin MS08-067 – Critical
    Vulnerability in Server Service Could Allow Remote Code Execution (958644)
    Published: October 23, 2008"

    So insider, you have probably had that update for a long time ;)
     
    Last edited: Jan 17, 2009
  20. OnBoard

    OnBoard New Member

    Seems there are a lot of unupdated systems around the world. Downloaded the patch and it said 'doesn't apply to our system' then read this

    Quick Details
    File Name: Windows6.0-KB958644-x64.msu
    Date Published: 10/22/2008

    Don't have automatic updates on, but even my manual update cycle isn't that long :)
     
  21. [I.R.A]_FBi

    [I.R.A]_FBi New Member

    I'm safe :)
     
  22. woozers

    woozers New Member

    How come there is an update for WXP SP2 but there isn't one for SP3?
     
  23. z1tu

    z1tu

    just changed my password to one that is a serial number from a random bill :D hack that ... 11 digit even
     
  24. Haytch

    Haytch New Member

    I think it's time you all change your passwords. <--< Nothing like some paranoia.

    This worm seems effective and efficient, I like it. Reminds me of Cisco's speed.
     
  25. DRDNA

    DRDNA

    There's a program that runs on GPUs that would do it pretty damn fast :eek:
     