Thu, Jan 22, 2009 - Page 7

Swiftly spreading virus worries security experts

OPEN WINDOWS: The worm infects computers that haven’t updated security patches for the Windows RPC Server Service, specialists said

AFP, SAN FRANCISCO

A nasty worm has wriggled into millions of computers and could be the biggest virus ever, leaving security experts wondering whether it is a harbinger of evil deeds to come.

US software protection firm F-Secure said on Tuesday a computer worm known as “Conficker” or “Downadup” had infected more than 9 million computers and was spreading at a rate of 1 million machines per day.

The malicious software had yet to do any noticeable damage, prompting debate as to whether it is impotent, waiting to detonate or a test run by cybercriminals.

“This is enormous; possibly the biggest virus we have ever seen,” software security specialist David Perry of Trend Micro said.

“I think the bad guys are field-testing a new technology. If Conficker proves to work well, they could go out and sell malware [malicious software] to people. There is a huge market for selling criminal malware.”

The worm takes advantage of networks or computers that haven’t kept up to date with security patches for the Windows RPC Server Service.

It can infect machines from the Internet or by hiding on USB memory sticks. Once in a computer it digs deep, setting up defenses that make it hard to extract.

“Here we are with a big, big outbreak and they keep revamping their methodology to increase the size of it,” Perry said. “They could be growing this huge botnet to slice it up and sell it on the criminal market.”

Microsoft said it was aware of the Conficker “worm family” and had modified its free Malicious Software Removal Tool to detect and get rid of infections.

A troubling aspect of Conficker is that it harnesses the computing power of a botnet to crack passwords.

Repeated “guesses” at passwords by a botnet have caused some computer users to be locked out of files or machines that automatically disable access after a certain number of failed tries.

“Downadup uses brute force from the infected network of botnets to break the password of the machine being attacked,” Perry said. “That is something never seen before and I find it disturbing.”
