Conficker hits at least 8 million machines
Monday, January 19, 2009
The Conficker malware outbreak has continued to spread among corporate PCs in what appears to be the biggest IT security breach in the past seven years.
Initially it was reported Conficker, or Downadup, focused on machines that weren't patched with a Microsoft emergency fix released last October (MS008-067).
However since then, the bug has evolved and is now able to spread to patched computers through portable USB drives through brute-force password-guessing, SCMagazineus.com reports.
Once in the machine, the worm can browse through the network the computer is connected to and copy itself to other machines, according to the article. This means users do not have to be at their computers or even logged on for the bug to spread.
Many experts have compared the Conficker attack to Nimda, another bug that hit corporations in 2001, which spread quickly as well. Others have speculated the bug may be the beginning stages of a new botnet.
Infected machines can potentially reveal users' personal and financial information, though it is unclear if that is the objective of the cybercriminals behind the attack. With the presidential inauguration scheduled for tomorrow, it's possible the cybercriminals may act then, since they traditionally like to coincide attacks with large events.
Related News:
Password security a tall order for many web users - 1.22.2010
A recently released study from tech researcher Imperva showed that the most popular password among users whose accounts were compromised in the recent RockYou data breach was as follows: 123456.
Facebook fixes "wrong friends list" mobile network security glitch - 1.22.2010
CNET reports that social media network Facebook has repaired a problem in the mobile version of its service that caused some mobile users to have full access to the friends lists of unassociated users.
Automated phishing scam hits bank customers - 1.14.2010
Phishing attacks do not target victims exclusively via email, experts say, pointing to a recent rash of automated phone calls that attempted to convince victims to give up sensitive banking information.
Scammers ride aftershocks of Haiti catastrophe - 1.14.2010
The Federal Bureau of Investigation has issued a warning to those who want to contribute to earthquake relief efforts in Haiti, saying that cyber criminals and other types of scam artists are trying to take advantage of an outpouring of humanitarian support.
Banking Trojans finding new vector with fake Outlook alerts - 1.11.2010
A spurious alert purporting to come from Microsoft Outlook has cropped up in recent weeks, according to a maker of email filtering software.
|
