Conficker Returns
Contributed by: Email on 04/26/2012 01:53 PM
Remember the Conficker worm of late 2008 and early 2009? Such malware usually fades into the past as newer and more dangerous threats emerge. But not only has Conficker not disappeared, its activity has actually started to increase again.
The old Conficker had an update scheduled for April 1st, with stories that it would melt down the Internet's core. In reality, nothing much happened except that computers continued to be infected.
All that was 3 years ago, and Conficker has pretty much fallen by the wayside, but the same cannot be said of new attacks. Data compiled by Microsoft and published in its new quarterly Security Intelligence Report shows that the average number of attacks by Conficker on computers has grown from 15 in the first quarter of 2011 to 35 in the fourth quarter.
Cleaning tools have been available for Conficker for a long time now, and the vulnerabilities that the worm targets have been patched for even longer. Microsoft's research found that the huge majority of Conficker infections, 92 percent, come from stolen or weak passwords, and the rest come from exploits against flaws for which patches are available.
"Once later variants of Conficker infect a computer, they attempt to spread by copying themselves into administrative shares of other computers on the network. First the malware tries to use the current user's credentials to copy itself, but if that fails it attempts to exploit weak passwords; the worm uses a pre-existing list of common weak passwords that it carries with it. If that fails, Conficker remains dormant until new credentials are available. If a remote administrator logs into the infected computer to try to clean it or diagnose problems caused by the worm, Conficker uses the administrator's login token to infect as many computers as possible. The combination of these credential-based attacks accounted for 100% of all recent infection attempts from Conficker targeting Enterprise Microsoft Forefront Endpoint Protection users on Windows 7 and Windows Vista platforms," Microsoft's Malware Protection Center said in a blog post.
Conficker spreads easily, and in corporate environments it isn't easy to stop once it gets into one or two systems. "A single computer with a weak password could easily be enough to cause a major disruption inside a corporate network, especially considering the increasing trend in the number of Conficker attacks per computer," Microsoft said.
If you suspect you are infected with the Conficker worm, ask for assistance from the Malware Team at MajorGeeks.
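For defenders, the credential-based spreading Microsoft describes leaves two recognizable traces in Windows Security logs: bursts of failed network logons from one machine, and one machine touching the ADMIN$ share on many hosts with no failures at all (the stolen-token case). The sketch below is an added example, not code from Microsoft or MajorGeeks; the event tuples, addresses, host names and thresholds are constructed assumptions, and events are assumed to be already filtered to network logons.

```python
from collections import defaultdict

FAILED_LOGON, SHARE_ACCESS = 4625, 5140   # Windows Security event IDs
FAIL_THRESHOLD = 5      # assumed: failed logons per source->target inside WINDOW
FANOUT_THRESHOLD = 3    # assumed: distinct hosts whose ADMIN$ one source touched
WINDOW = 10             # assumed: minutes

# Constructed sample events, not real logs:
# (minute, event_id, source_ip, target_host, account, share)
EVENTS = (
    # Weak-password case: repeated failures, then ADMIN$ access on the same host.
    [(m, FAILED_LOGON, "10.0.0.23", "WS-014", "Administrator", None) for m in range(6)]
    + [(6, SHARE_ACCESS, "10.0.0.23", "WS-014", "Administrator", r"\\*\ADMIN$")]
    # Stolen-token case: no failures, just ADMIN$ access on many hosts.
    + [(20 + i, SHARE_ACCESS, "10.0.0.50", f"WS-10{i}", "CORP\\helpdesk", r"\\*\ADMIN$")
       for i in range(4)]
    # Benign: one mistyped password, then an ordinary file share.
    + [(30, FAILED_LOGON, "10.0.0.77", "FS-01", "alice", None),
       (31, SHARE_ACCESS, "10.0.0.77", "FS-01", "alice", r"\\*\Public")]
)

def find_spreaders(events):
    """Return {source_ip: sorted reasons} for sources that look like credential-based spreading."""
    fails = defaultdict(list)        # (src, host) -> minutes of failed logons
    admin_hosts = defaultdict(set)   # src -> hosts whose ADMIN$ it accessed
    admin_time = {}                  # (src, host) -> minute of first ADMIN$ access
    for minute, eid, src, host, _acct, share in sorted(events, key=lambda e: e[0]):
        if eid == FAILED_LOGON:
            fails[(src, host)].append(minute)
        elif eid == SHARE_ACCESS and share and share.upper().endswith("ADMIN$"):
            admin_hosts[src].add(host)
            admin_time.setdefault((src, host), minute)
    findings = defaultdict(set)
    for (src, host), times in fails.items():
        # Sliding window: FAIL_THRESHOLD failures within WINDOW minutes.
        for i in range(len(times) - FAIL_THRESHOLD + 1):
            if times[i + FAIL_THRESHOLD - 1] - times[i] <= WINDOW:
                findings[src].add("password-guessing")
                if admin_time.get((src, host), -1) >= times[i]:
                    findings[src].add("guess-then-ADMIN$")
                break
    for src, hosts in admin_hosts.items():
        if len(hosts) >= FANOUT_THRESHOLD:
            findings[src].add("ADMIN$-fan-out")
    return {src: sorted(reasons) for src, reasons in findings.items()}

if __name__ == "__main__":
    for src, reasons in find_spreaders(EVENTS).items():
        print(src, reasons)
```

The fan-out rule matters because a worm reusing a logged-in administrator's token produces no failed logons, so a failure-count rule alone would miss it.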