Friday, January 16th 2009

New Windows Worm-Attack Most Severe in Recent Times

Some of the most severe worm attacks in memory include the infamous w32.nimda, w32.sasser and w32.blaster: all pieces of software affecting Windows PCs and their ever-fragile defenses against new forms of malware. Enter Downadup, a.k.a. the Conficker worm. This worm targets Windows PCs and servers. Mikko Hypponen, chief research officer at anti-virus firm F-Secure, points to the possibility that this new worm originated in Ukraine, after the security software firm reverse-engineered the virus. It is said to have a unique "phone back home" property that makes it potentially dangerous to leave on an infected machine, as it could steal and send back vital or confidential data. The worm spreads across local networks and wide-area networks over the internet, scanning for and infecting as many machines as it finds. Microsoft, for its part, has released a security update (MS08-067) for all its current Windows operating systems that fixes the vulnerability the worm takes advantage of; it is available via Microsoft Update.

The infection rate of this worm is severe to very severe. Corporate networks are the worst hit, despite usually having the best security measures in place. "On Tuesday there were 2.5 million, on Wednesday 3.5 million and today [Friday], eight million. It's getting worse, not better," said F-Secure's Hypponen. The makers of the worm have put in a great deal of work to ensure it is difficult to detect and remove. Not much more is known about the purpose of this worm, except that it steals data and replicates itself at phenomenal rates. While the worm does not send itself at random over the internet or by e-mail, on home and corporate networks it immediately scans for and discovers new machines to infect. The worm is also able to guess passwords for password-protected shares. The best way to counter this worm is to secure your networks, download and apply Microsoft's patch to every machine on the network, and set tough, long alphanumeric passwords for network resources such as routers and shares. Individual machines are easy to disinfect, but large corporate networks with layers of security are not. The problem is for companies with thousands of infected machines, which can become re-infected from just one computer even as they are being cleared.

Source: CNN

30 Comments on New Windows Worm-Attack Most Severe in Recent Times

GRC has the most secure random password generator I've ever seen:

I use it regularly to generate strong passwords whenever I secure a home router for has never let me down. :)
Posted on Reply
mlee49 said:
Yeah, most viruses run massive barrages of attempts to hack a password, but a 10 digit number has millions of variants that would take an abnormally long time to crack. Even if you knew the 10 numbers it would take a crazy long time.
10 numbers you don't know is 10^9=100,0000,000. On my computer this would take about an hour to work out.

If you knew the numbers in it that would be more like 10X9X9=810, which would take a matter of seconds to calculate. (Not sure if this one is right, fairly certain, not 100%. Been on holiday too long for math :))

So either way not too hard to get, just sit outside your house with a laptop and I'm into your network.
Posted on Reply
I rarely get worms and other junk, but it's been a while since I last ran some scans, better run some just in case.
Posted on Reply
It would be nice if routers had a failsafe like ATMs, so that if you enter the password incorrectly 3 times it would block the user from trying again and would need a backup password to unblock it.
Posted on Reply
z1tu said:
It would be nice if routers had a failsafe like ATMs, so that if you enter the password incorrectly 3 times it would block the user from trying again and would need a backup password to unblock it.
And then 90% of all PC users would lock themselves out of their routers the first time they tried to access it. An optional feature of that design would be just dandy.
Posted on Reply