View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
April 9, 2009

F-Secure sees Conficker on horizon of threat landscape

‘Professional’ worm ready to wreake havoc

By CBR Staff Writer

Guidance on latest security threats issued by F-Secure Corp has sounded alarm bells about the potential impact of the Conficker network worm, which it estimates infected millions of computers during Q1 2009.

Up until now worms like Blaster, CodeRed, Melissa and Nimda were put together by hobbyists rather than by professional criminals. Conficker is quite different, F-Secure has warned, and may perhaps be an indication of threats to come. 

“Analysis of its code reveals that it has in fact been authored by today’s ‘professional’ class of malware authors,” the security company has cautioned in its latest Q1 2009 Security Threat Summary.

Conficker is estimated to have infected up to 15 million computers since last autumn, but to date has lurked in the background without causing widespread damage. ‘Conficker has activated,’ chief security adviser at F-Secure Patrik Runald said earlier this month. ‘So far nothing has actually happened.’ 

The company said it was able to chart the Conficker worm spreading rapidly during the months of January and February, particularly across China, Brazil, Russia, and India.

Conficker exploits vulnerabilities in the Windows Server service. “While some of it is disorganised, the code is clearly not something that was written by an amateur.  It is complex code and demonstrates a sophisticated understanding of the security systems that must be circumvented for the worm to spread,” F-Secure said in its report.

Once Conficker infiltrates a local area network, its  removal can be a very time consuming and possibly frustrating task, it said.

Content from our partners
How to engage in SAP monitoring effectively in an era of volatility
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility

F-Secure also confirmed that users of social networking sites have become an attractive target for cyber criminals and fraudsters. It said, “Social engineering attempts are being made to exploit users.”

Password compromised accounts, resulting either from phishing or password stealing malware, are being used to scam social networking friends of the victim. Typically, the compromised account sends out a request for help and assistance, claiming that money is needed.

Significant database breaches continue to threaten consumers with the risk of identity theft and credit card fraud, the company also reported, as it referenced the massive breach at Heartland Payment Systems Inc . 

Malicious software injected into the payment processing network of the US credit-card processing company could have had led to one of the biggest data breaches ever seen. Heartland handles 100 million card transactions every month for 175,000 merchants and potentially tens of millions of credit and debit card transactions could have been compromised.

For the first time since it started publishing yearly or half-a-year summaries of the threat landscape, F-Secure found evidence this quarter of the first SMS worm.

The Yxe worm is spread largely in China and is compiled to run on Symbian S60 3rd Edition phones.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.