[RTC List] Article on USA Today identifies serious new internet worm

Pat Bitton pbitton at hotmail.com
Tue Jan 27 13:16:19 PST 2009


Which just goes to show how important it is to patch every month. Companies
have had three months to patch against this and evidently many have failed
to do so.
 
Pat Bitton
Partner, Euresto Partners Inc
Sales & Marketing Strategies for Technology Startups
+1 707 268 8968/+1 408 464 0829 cell
MSN IM:  <mailto:pbitton at hotmail.com> pbitton at hotmail.com
Skype: pat.bitton
Follow me on Twitter: @PatBittonTIP
www.eurestopartners.com <http://www.eurestopartners.com/> 
 
Looking for security advice? Check out
www.theinternetprotectors.com <http://www.theinternetprotectors.com/> 
 

  _____  

From: list-bounces at redwoodtech.org [mailto:list-bounces at redwoodtech.org] On
Behalf Of robert beckerdite
Sent: Tuesday, January 27, 2009 1:01 PM
To: list at redwoodtech.org
Subject: [RTC List] Article on USA Today identifies serious new internet
worm
Importance: High


Please consider this and take the appropriate measures to protect your
business. 
 
Link with instructions to disable autorun.
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
 


Cybercrime experts keep close watch on Internet worm

 

The world's top virus hunters are watching every move made by the attacker
in control of a nasty new Internet worm — referred to as "downadup" or
"conficker."

What worries them most is that the person, or group, controlling the worm
could at any time direct the PCs to carry out criminal activities on an
unprecedented scale. And there's not much anyone can do to stop them.

The attackers could use the infected PCs to steal data, spread spam or
commit other routine cybercrimes.

"We have a lot of people looking at this, and with everybody watching it,
hopefully they will be too scared to do anything," says Patrik Runald,
security adviser at F-Secure. "That's really the only thing we can hope
for."

In less than three weeks, the worm has spread to more than 1 million PCs
around the globe, mostly inside companies, according to estimates from
F-Secure and Atlanta-based security firm SecureWorks. A worm of that
magnitude has not been seen since 2004. 

The worm takes advantage of a security hole that exists on hundreds of
millions of Windows PCs. Microsoft issued an emergency patch for the hole in
October. Because most Windows PCs connected to the Internet were vulnerable
without the patch, the security community went on high alert. 

The worm first appeared on Jan. 7. Tech security researchers say it probed
for and implanted itself on any unpatched Windows PC. It then scanned for,
broke into and infected all nearby computer servers. It also implanted
itself onto any portable device plugged into the PCs' USB inputs, such as a
thumb drive storage stick, an iPod or a digital camera. When the corrupted
device was plugged into another computer, that machine became infected — and
began searching for other PCs to infect.

Don Jackson, senior researcher at SecureWorks, says infections have been
spreading in bursts inside corporate networks. "It's like time bombs going
off."

The National Cyber Alert System of US-CERT advises corporations to disable a
Windows feature, called autorun, to help cut down infections from USB
devices. Microsoft has a cleanup tool available. But the worm blocks
Internet traffic trying to get to Microsoft's tool. "This worm was written
by people who know what they're doing," Runald says.

Security companies have banded together to block some of the 250 Web
addresses that infected PCs are instructed to contact for further
instructions. But the list changes once a day. 

Vincent Weafer, vice president of Symantec Security Response, says the
attackers may have been too successful. "There's no way they want this much
attention," he says, adding that he expects them to back off.

 
 


Robert Beckerdite
Senior Engineer and Owner
Beckerdite Consulting
(707) 703-1528
www.beckerdite.com <http://www.beckerdite.com/> 




