Network worm infects millions of Windows PCs

The Conficker worm has gone from small beginnings to a very serious threat to business network security.

A malicious worm is spreading that has already seen the infection of 3.5 million Windows PCs, which a security company reported as rising by one million in a single day.

Thousands of workstations and servers in the United Kingdom have already been affected by the Conficker network worm, which is also known as Downadup. It is unusually difficult to remove, especially if it has been successful in infecting a corporate network.

Advertisement - Article continues below

It is a new version of a worm which started to spread last year, with security firm F-Secure warning that it had received reports of corporate networks being infected by it since the new year.

The attack first originated in October last year, when attacks targeted a critical vulnerability in the Windows operating system, which forced Microsoft to release an emergency out-of-band patch - MS08-067.

Microsoft strongly recommended that users install the security update as soon as possible, but this failed to stop the worm increasing in frequency.

Since then, the worm has continued to infect machines, usually because they were unpatched, or because anti-virus software was not detecting it.

F-Secure said of the worm in a statement: "Downadup uses several different methods to spread. These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks."

Advertisement
Advertisement - Article continues below

It added: "Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures."

Advertisement - Article continues below

The company said that once the worm had infected a machine, it protected itself very aggressively. It did this by setting itself to restart very early in the boot-up process of the computer and setting access rights to the files and registry of the worm, which meant users couldn't remove or change them.

F-Secure said: "The worm downloads modified versions of itself from a long list of websites. The names of these websites are generated by an algorithm based on current date and time.

"As there are hundreds of different domain names that could be used by the malware, it is hard for security companies to locate and shut them all down in time."

Christian Craioveanu and Ziv Mador, of the Microsoft Malware Protection Centre, said in their blog that most of the infected customers who contacted support were running large networks. This helped spread the worm as they were more likely to feature file sharing and network shares.

They also said that they had added new capabilities to their Malicious Software Removal Tool (MSRT) which could detect and remove the worm if it was present on a machine or environment.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/mobile/mobile-security/355889/parachute-introduces-superlock-feature
mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
Visit/security/ransomware/355945/new-ransomware-uses-java-to-target-software-organisations
ransomware

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020