[LINK] Conficker virus

stephen at melbpc.org.au stephen at melbpc.org.au
Thu Jan 22 01:36:17 AEDT 2009

Conficker virus 'harnesses power of a botnet to crack passwords'

Conficker worm wriggles into millions of computers
January 21, 2009 - 2:48PM

A nasty worm has wriggled into millions of computers and continues to 
spread, leaving security experts wondering whether the attack is a 
harbinger of evil deeds to come.

US software protection firm F-Secure says a computer worm known 
as "Conficker" or "Downadup" had infected more than nine million 
computers by Tuesday and was spreading at a rate of one million machines 

The malicious software had yet to do any noticeable damage, prompting 
debate as to whether it is impotent, waiting to detonate, or a test run 
by cybercriminals intent on profiting from the weakness in the future.

(However, there are reports from New Zealand that the worm is responsible 
for crashing the Ministry of Health's computer systems.)

"This is enormous; possibly the biggest virus we have ever seen," said 
software security specialist David Perry of Trend Micro.

"I think the bad guys are field testing a new technology. If Conficker 
proves to work well, they could go out and sell malware (malicious 
software) to people. There is a huge market for selling criminal malware."

The worm, a self-replicating program, takes advantage of networks or 
computers that haven't kept up to date with security patches for Windows 
RPC Server Service.

It can infect machines from the internet or by hiding on USB memory 
sticks carrying data from one computer to another. Once in a computer it 
digs deep, setting up defences that make it hard to extract.

Malware could be triggered to steal data or turn control of infected 
computers over to hackers amassing "zombie" machines into "botnet" armies.

"Here we are with a big, big outbreak and they keep revamping their 
methodology to increase the size of it," Perry said. "They could be 
growing this huge botnet to slice it up and sell it on the criminal 

Microsoft says it is aware of the Conficker "worm family" and has 
modified its free Malicious Software Removal Tool to detect and get rid 
of infections.

The US software giant also advises people to stay current on anti-virus 
tools and Windows updates, and to protect computers and files with strong 

A troubling aspect of Conficker is that it harnesses computing power of a 
botnet to crack passwords.

Repeated "guesses" at passwords by a botnet have caused some computer 
users to be locked out of files or machines that automatically disable 
access after certain numbers of failed tries.

"Downadup uses brute force from the infected network of botnets to break 
the password of the machine being attacked," Perry said. "That is 
something never seen before and I find it disturbing."

Perry urges people to harden passwords by mixing in numbers, punctuation 
marks, and upper-case letters. Doing so makes it millions of times harder 
for passwords to be deduced, according to Perry.

"This is necessary in a world where malware hacks passwords," Perry said.

"Go get a notebook, keep it next to your computer and record your 
password in it. No hacker in the world can hack the written page locked 
away in your office."

