Simply Security - News, Views, and Opinions from Trend Micro

Posted on July 3rd, 2012 in Vulnerabilities, Web Threats by Simply Security | Be the first to comment | Tags: Vulnerabilities, web threats

The internet plays host to hundreds upon thousands of hackers and their coded progeny. Conficker is celebrating its fourth birthday and shows no signs of stopping.

The internet plays host to hundreds upon thousands of hackers and their coded progeny. Worms, trojans and viruses take on a multitude of names and shapes, but only the most virulent or steadfast became mainstays of internet jargon. Conficker is celebrating its fourth birthday and shows no signs of stopping.

The worm particularly loves Microsoft operating systems. According to its fourth quarter analysis of threats, Microsoft said Conficker was detected in an additional 1.7 million systems in the three month window, bringing its overall infection count to 220 million. It’s considerably slower progress than 2009 figures where in one quarter alone the bug could hit around 5 million computers a month, but despite improvements in data protection and endpoint security, Conficker continues to thrive.

Tim Rains, director of Microsoft Trustworthy computing, says poor password maintenance was the issue. While it may seem trivial, a password weakness in the Utah Department of Health’s Medicaid servers led to European hackers stealing around 780,000 recipients’ personal data, including social security numbers and dates of birth. The incident occurred when the Department of Technology Services rushed to put a server online without implementing the proper security protocols first, resulting in a system protected by flimsy passwords.

Other malware attacks have seen similar success without even asking users for permission to run or having to steal data from a user. The Flashback Trojan infected around 600,000 Macs in early April, downloading and running itself automatically when users visited a website with the virus written somewhere on the page. If the computer was susceptible, the program would auto-execute and the virus would be installed. Once infected, the virus then attempts to gain administrator privileges and monitors browsing activities. If the numbers are right, then the amount of infected Macs reflects around 1 percent of overall usership, making it proportionally bigger than Conficker. It aslo means users should be looking at anti-virus measures on top of just practicing safe browsing and scrutinizing downloads.

Apple provided a Java update and a security patch for its Mac users to help circumvent the backdoor hole, blocking the virus, but the damage was already done. Dr. Web reported that new variants of the virus were also beginning to emerge, and that at last count more than 800,000 systems were still under the effects of the botnet hack. Kapersky warns that the virus may have skipped tracks and is now working through blogs instead of just susceptible websites.