Network worm infects millions of Windows PCs

The Conficker worm has gone from small beginnings to a very serious threat to business network security.

A malicious worm has already infected 3.5 million Windows PCs, a figure that a security company reported as rising by one million in a single day.

Thousands of workstations and servers in the United Kingdom have already been affected by the Conficker network worm, which is also known as Downadup. It is unusually difficult to remove, especially if it has been successful in infecting a corporate network.

It is a new version of a worm which started to spread last year, with security firm F-Secure warning that it had received reports of corporate networks being infected by it since the new year.

The worm first appeared in October last year, when attacks targeting a critical vulnerability in the Windows operating system forced Microsoft to release an emergency out-of-band patch, MS08-067.

Microsoft strongly recommended that users install the security update as soon as possible, but this failed to stop infections from becoming more frequent.

Since then, the worm has continued to infect machines, usually because they were unpatched, or because anti-virus software was not detecting it.

F-Secure said of the worm in a statement: "Downadup uses several different methods to spread. These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks."

It added: "Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures."

The company said that once the worm had infected a machine, it protected itself very aggressively. It did this by setting itself to restart very early in the computer's boot-up process and by setting access rights on its own files and registry entries so that users couldn't remove or change them.

F-Secure said: "The worm downloads modified versions of itself from a long list of websites. The names of these websites are generated by an algorithm based on current date and time.

"As there are hundreds of different domain names that could be used by the malware, it is hard for security companies to locate and shut them all down in time."

Christian Craioveanu and Ziv Mador, of the Microsoft Malware Protection Centre, said in their blog that most of the infected customers who contacted support were running large networks. This helped spread the worm as they were more likely to feature file sharing and network shares.

They also said that they had added new capabilities to their Malicious Software Removal Tool (MSRT) which could detect and remove the worm if it was present on a machine or environment.
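
The lock-out symptom F-Secure describes gives defenders a usable signal: one machine tripping lock-outs on many different accounts in a short time, as opposed to one user repeatedly locking themselves out. The following is an added example, not code from F-Secure or Microsoft; the record layout, host names, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lock-out records: (timestamp, locked-out account, source host).
# This tuple layout is an assumption for the example, not a real log format.
SAMPLE_EVENTS = [
    ("2009-01-16 08:00:00", "frank", "FS-01"),
    ("2009-01-16 09:00:05", "alice", "WS-014"),
    ("2009-01-16 09:00:40", "bob",   "WS-014"),
    ("2009-01-16 09:01:10", "carol", "WS-014"),
    ("2009-01-16 09:02:30", "dave",  "WS-014"),
    ("2009-01-16 09:15:00", "erin",  "WS-022"),
    ("2009-01-16 10:00:00", "grace", "FS-01"),
    ("2009-01-16 11:40:00", "erin",  "WS-022"),
    ("2009-01-16 12:00:00", "heidi", "FS-01"),
    ("2009-01-16 14:00:00", "ivan",  "FS-01"),
    ("2009-01-16 15:05:00", "erin",  "WS-022"),
]


def find_lockout_bursts(events, window=timedelta(minutes=5), min_accounts=4):
    """Return {source_host: time it first locked out min_accounts distinct
    accounts within one sliding window}."""
    recent = defaultdict(deque)  # host -> (time, account) pairs still in window
    flagged = {}
    # ISO-style timestamps sort chronologically as plain strings.
    for ts, account, host in sorted(events):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        queue = recent[host]
        queue.append((when, account))
        # Drop lock-outs that have aged out of the window for this host.
        while when - queue[0][0] > window:
            queue.popleft()
        # Count distinct accounts: one user mistyping a password many
        # times must not look like a password-guessing sweep.
        distinct = {acct for _, acct in queue}
        if len(distinct) >= min_accounts and host not in flagged:
            flagged[host] = when
    return flagged


if __name__ == "__main__":
    for host, when in find_lockout_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: lock-out burst across accounts at {when}")
```

With the default five-minute window only WS-014 is reported; WS-022 (one user, three lock-outs) and FS-01 (four accounts spread over six hours) stay below the threshold.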
