‘Professional’ worm ready to wreak havoc
Guidance on latest security threats issued by F-Secure Corp has sounded alarm bells about the potential impact of the Conficker network worm, which it estimates infected millions of computers during Q1 2009.
Up until now, worms like Blaster, CodeRed, Melissa and Nimda were put together by hobbyists rather than by professional criminals. Conficker is quite different, F-Secure has warned, and may perhaps be an indication of threats to come.
“Analysis of its code reveals that it has in fact been authored by today’s ‘professional’ class of malware authors,” the security company has cautioned in its latest Q1 2009 Security Threat Summary.
Conficker is estimated to have infected up to 15 million computers since last autumn, but to date has lurked in the background without causing widespread damage. ‘Conficker has activated,’ chief security adviser at F-Secure Patrik Runald said earlier this month. ‘So far nothing has actually happened.’
The company said it was able to chart the Conficker worm spreading rapidly during the months of January and February, particularly across China, Brazil, Russia, and India.
Conficker exploits vulnerabilities in the Windows Server service. “While some of it is disorganised, the code is clearly not something that was written by an amateur. It is complex code and demonstrates a sophisticated understanding of the security systems that must be circumvented for the worm to spread,” F-Secure said in its report.
Once Conficker infiltrates a local area network, its removal can be a very time-consuming and possibly frustrating task, it said.
F-Secure also confirmed that users of social networking sites have become an attractive target for cyber criminals and fraudsters. It said, “Social engineering attempts are being made to exploit users.”
Password-compromised accounts, resulting either from phishing or password-stealing malware, are being used to scam social networking friends of the victim. Typically, the compromised account sends out a request for help and assistance, claiming that money is needed.
Significant database breaches continue to threaten consumers with the risk of identity theft and credit card fraud, the company also reported, as it referenced the massive breach at Heartland Payment Systems Inc.
Malicious software injected into the payment processing network of the US credit-card processing company could have led to one of the biggest data breaches ever seen. Heartland handles 100 million card transactions every month for 175,000 merchants, and potentially tens of millions of credit and debit card transactions could have been compromised.
For the first time since it started publishing yearly or half-yearly summaries of the threat landscape, F-Secure found evidence this quarter of the first SMS worm.
The Yxe worm is spread largely in China and is compiled to run on Symbian S60 3rd Edition phones.