Windows worm numbers reach millions

Worm infections spreading through computers, networks and pen drives are reaching into the millions because of weak security measures. In October 2008, malicious programs such as Conficker, Downadup and Kido were discovered; these are among the most commonly known malicious software attacking our computers. Antivirus firm F-Secure estimated that the number of infected machines has reached 8-9 million. Experts have issued several warnings that this figure could go far higher, and say users should install Microsoft's MS08-067 patch and keep anti-virus software updated.

In an interview with the BBC, senior technology consultant Graham Cluley said the situation had never been this bad and that an outbreak on this scale had not been seen for quite some time. He also said:

"Microsoft did a good job of updating people's home computers, but the virus continues to infect businesses who have ignored the patch update.
"A shortage of IT staff during the holiday break didn't help and rolling out a patch over a large number of computers isn't easy.
"What's more, if your users are using weak passwords - 12345, QWERTY, etc - then the virus can crack them in short order," he added.
"But as the virus can be spread with USB memory sticks, even having the Windows patch won't keep you safe. You need anti-virus software for that."

How does the worm spread in Windows?

Microsoft has released information about how the worm spreads on the Windows platform. First, it searches for the executable file “services.exe” and embeds itself into it. “services.exe” is a Windows file that performs important system functions. The worm then copies itself into the Windows system folder “system32” under a random file name with a .dll extension, something like piftoc.dll; the name is normally 5 to 8 characters long. After naming itself, it modifies registry entries that list important Windows settings so that the infected .dll file runs as if it were a default Windows system file.

Once the worm is up and running, it creates an HTTP server, resets the machine's system restore point, and starts to download files from different hacking sites and/or upload crucial and personal information such as names and passwords.

Most malware uses predictable ways to download and upload files, which are easy to locate and shut down. Conficker makes finding and terminating its activity far more complicated. According to antivirus firm F-Secure, this worm is programmed with a very complicated algorithm that generates hundreds of fake domain names, such as abed.com, hturp.net etc., out of which only one domain is used to download or upload data. Finding that one site among so many makes detection an almost impossible procedure.
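The flood of generated names leaves a trace of its own in DNS: an infected machine looks up many domains that do not exist. The following is an added example, not code from this post or from F-Secure; the log format, addresses, thresholds and the names under the reserved `.example` TLD are all constructed assumptions. It flags such clients in a resolver log and lists the few names that did resolve for them.

```python
from collections import defaultdict

def fake_name(i):
    """Constructed pseudo-random label, 5-8 letters, under the reserved .example TLD."""
    label = "".join(chr(97 + (i * 7 + k * 11) % 26) for k in range(5 + i % 4))
    return label + ".example"

# Constructed resolver log: "<time> <client> <queried name> <response code>"
SAMPLE_LOG = [
    "09:00:01 10.0.0.5 www.example.org NOERROR",
    "09:00:02 10.0.0.5 mail.example.org NOERROR",
    "09:00:03 10.0.0.5 wwww.example.org NXDOMAIN",   # ordinary typo
    "09:00:04 10.0.0.5 update.example.com NOERROR",
] + [
    # One client walks 41 generated names; only name 17 is registered.
    f"09:01:{i:02d} 10.0.0.23 {fake_name(i)} {'NOERROR' if i == 17 else 'NXDOMAIN'}"
    for i in range(41)
]

def tally(lines):
    """Per client: set of names that failed and set of names that resolved."""
    failed, resolved = defaultdict(set), defaultdict(set)
    for line in lines:
        _time, client, qname, rcode = line.split()
        bucket = failed if rcode == "NXDOMAIN" else resolved
        bucket[client].add(qname.lower().rstrip("."))
    return failed, resolved

def dga_suspects(lines, min_failed=20, min_fail_ratio=0.8):
    """Clients whose distinct lookups are mostly NXDOMAIN -> (failed, total)."""
    failed, resolved = tally(lines)
    suspects = {}
    for client in failed:
        nfail = len(failed[client])
        total = nfail + len(resolved[client] - failed[client])
        if nfail >= min_failed and nfail / total >= min_fail_ratio:
            suspects[client] = (nfail, total)
    return suspects

def resolved_by(lines, client):
    """Names that did resolve for a suspect: the short list worth investigating."""
    return tally(lines)[1][client]

if __name__ == "__main__":
    for host, (nfail, total) in dga_suspects(SAMPLE_LOG).items():
        print(host, f"{nfail}/{total} lookups failed; resolved:", resolved_by(SAMPLE_LOG, host))
```

The thresholds need tuning against a baseline of normal traffic, since misconfigured software can also produce bursts of failed lookups.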

Alternatives

Interviewed by the BBC, Kaspersky Lab's security analyst, Eddy Willems, said that a new strain of the worm was complicating matters.
"There was a new variant released less than two weeks ago and that's the one causing most of the problems," said Mr Willems.
"The replication methods are quite good. It's using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creates new variants through this mechanism."
"Of course, the real problem is that people haven't patched their software," he mentioned.

According to Microsoft, the malware has infected millions of computers in almost every part of the world, with China, Brazil, Russia and India having the highest number of victims.
Microsoft also says it has detected millions of unique infected IP addresses; these machines could be disinfected, but doing so would raise the issue of unauthorized access.
Recommendations: We have a good chance of protecting our computers if we install crucial security updates at any cost, use antivirus programs, and keep their signature files updated for maximum protection.

 

Virus-Like Attack Hits Web Internet Traffic

A strange kind of worm attack took place last Saturday and affected Internet traffic in different parts of the world. It is believed to be fast-spreading malicious code that attacks major servers, resulting in a huge fall in web traffic. The worm is interfering with email delivery and web browsers. The huge fall in Internet traffic noticed this Saturday is very similar to the attack in summer 2001 by the virus known as “Code Red”. This attack is not targeted at home or personal computers, but at the major servers responsible for directing Internet traffic.

Internet services in South Korea were halted nationwide for hours on Saturday because of the attack. Countries such as Thailand, Japan, Malaysia, India and the Philippines were also affected and experienced lower Internet traffic.

This malicious code is designed to exploit a vulnerability in Microsoft's SQL Server database software. The code puts the server into an endless loop that continuously sends data to other computers, which results in a denial-of-service attack. The worm is designed to work in memory, so anti-virus programs may not be able to detect it. The malicious code is only about 376 bytes in size, yet it significantly affected the web on Saturday at about 5:30 GMT.

The United States was affected almost equally by this worm attack, although it is not yet certain whether the impact is the same as in South Korea. It is the first time that wired and mobile Internet have been affected together by an attack in South Korea. Government organizations and financial institutions operated relatively normally, as the attack occurred on a weekend.
Several data pipelines seem to have been affected by the malicious code. The code took effect very quickly because it uses a protocol called UDP, which is different from the one computers use to access web pages. It is believed that 5 out of 13 major Internet hubs were targeted in Saturday's attack. Microsoft's website has enhanced its security checks against any further attacks, and other companies can download the patch for the security vulnerability.
Do not worry, this is not the latest news :P I just wrote it for the people who never knew it had happened. It happened on 25 January, 2003.
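A worm that lives only in memory leaves nothing on disk to scan, but its traffic is distinctive: one server sending same-sized UDP datagrams to a large number of different addresses in a very short time. The following is an added example, not from the original post; the flow-record layout, addresses and thresholds are constructed assumptions, and UDP port 1434 (SQL Server's resolution service) is not stated in the article.

```python
from collections import defaultdict

SQL_RESOLUTION_PORT = 1434  # SQL Server resolution service, UDP (not given in the article)
WORM_PAYLOAD_LEN = 376      # payload size quoted in the article

def make_sample():
    """Constructed flow records: (time_s, src, dst, proto, dport, payload_len)."""
    flows = [(i * 0.001, "192.0.2.10", f"198.51.100.{i}", "udp", 1434, 376)
             for i in range(200)]                       # one server spraying datagrams
    flows += [(0.5, "192.0.2.20", "192.0.2.30", "udp", 1434, 1),    # normal instance lookup
              (0.6, "192.0.2.20", "192.0.2.53", "udp", 53, 40),     # DNS query
              (0.7, "192.0.2.20", "192.0.2.30", "tcp", 1433, 512)]  # regular SQL session
    return flows

def scanning_sources(flows, window=1.0, min_targets=50):
    """Return {src: max distinct destinations hit within any `window` seconds}
    for sources sending worm-sized datagrams to the SQL resolution port."""
    hits = defaultdict(list)
    for t, src, dst, proto, dport, plen in flows:
        if proto == "udp" and dport == SQL_RESOLUTION_PORT and plen == WORM_PAYLOAD_LEN:
            hits[src].append((t, dst))
    flagged = {}
    for src, events in hits.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in events[start:end + 1]}))
        if best >= min_targets:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, fanout in scanning_sources(make_sample()).items():
        print(f"{src} reached {fanout} distinct hosts on udp/1434 within 1 s")
```

Matching on the exact payload length is deliberately narrow; dropping that condition turns the same function into a general fan-out check for the port.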

 
