Network worm infects millions of Windows PCs

The Conficker worm has gone from small beginnings to a very serious threat to business network security.

A malicious worm has already infected 3.5 million Windows PCs, a figure that a security company reported as rising by one million in a single day.

Thousands of workstations and servers in the United Kingdom have already been affected by the Conficker network worm, which is also known as Downadup. It is unusually difficult to remove, especially if it has been successful in infecting a corporate network.

It is a new version of a worm which started to spread last year, with security firm F-Secure warning that it had received reports of corporate networks being infected by it since the new year.

The attacks began in October last year, targeting a critical vulnerability in the Windows operating system, which forced Microsoft to release an emergency out-of-band patch, MS08-067.

Microsoft strongly recommended that users install the security update as soon as possible, but this failed to stop infections becoming more frequent.

Since then, the worm has continued to infect machines, usually because they were unpatched, or because anti-virus software was not detecting it.

F-Secure said of the worm in a statement: "Downadup uses several different methods to spread. These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks."

It added: "Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures."

The company said that once the worm had infected a machine, it protected itself very aggressively. It did this by setting itself to restart very early in the computer's boot-up process and by setting access rights on its own files and registry entries, which meant users couldn't remove or change them.

F-Secure said: "The worm downloads modified versions of itself from a long list of websites. The names of these websites are generated by an algorithm based on current date and time.

"As there are hundreds of different domain names that could be used by the malware, it is hard for security companies to locate and shut them all down in time."

Christian Craioveanu and Ziv Mador, of the Microsoft Malware Protection Centre, said in their blog that most of the infected customers who contacted support were running large networks. Such networks helped the worm spread, as they were more likely to feature file sharing and network shares.

They also said that they had added new capabilities to their Malicious Software Removal Tool (MSRT) which could detect and remove the worm if it was present on a machine or environment.
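The account lock-outs F-Secure describes are themselves a detection signal: one machine locking out many different accounts in a short time points to password guessing from that host. The following is an added example, not code from F-Secure or Microsoft; it assumes lock-out events (Windows Security event ID 4740) have been exported in a constructed `time,event_id,locked_account,caller_computer` format, and the host names, thresholds and log lines are made up for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: "time,event_id,locked_account,caller_computer".
# 4740 = account locked out; other event IDs and malformed lines are ignored.
SAMPLE_LOG = """\
2024-01-16T09:00:05,4740,alice,WKSTN-014
2024-01-16T09:00:09,4740,bob,WKSTN-014
2024-01-16T09:00:12,4740,carol,WKSTN-014
2024-01-16T09:00:20,4740,dave,WKSTN-014
2024-01-16T09:00:31,4740,erin,WKSTN-014
2024-01-16T09:00:40,4624,alice,WKSTN-014
2024-01-16T09:14:02,4740,frank,LAPTOP-007
2024-01-16T11:40:00,4740,frank,LAPTOP-007
truncated line
"""

def parse(log):
    """Yield (time, account, caller) for lock-out events only."""
    for line in log.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4 or parts[1] != "4740":
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp: skip rather than abort the scan
        yield when, parts[2].lower(), parts[3].upper()

def lockout_storms(log, window=timedelta(minutes=5), min_accounts=4):
    """Return {caller: sorted accounts} for hosts that locked out at least
    min_accounts distinct accounts inside one sliding time window."""
    recent = defaultdict(deque)  # caller -> (time, account) still in the window
    flagged = defaultdict(set)
    for when, account, caller in sorted(parse(log)):
        q = recent[caller]
        q.append((when, account))
        while when - q[0][0] > window:  # drop events older than the window
            q.popleft()
        accounts = {a for _, a in q}
        if len(accounts) >= min_accounts:
            flagged[caller] |= accounts
    return {c: sorted(a) for c, a in flagged.items()}

if __name__ == "__main__":
    for host, accounts in lockout_storms(SAMPLE_LOG).items():
        print(f"{host}: locked out {len(accounts)} accounts: {', '.join(accounts)}")
```

A single user repeatedly locking out their own account (LAPTOP-007 in the sample) stays below the threshold, which counts distinct accounts per source host rather than raw lock-out events.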
