The malicious software known as Conficker is slowly becoming active, weeks after being dismissed as a false alarm, security experts said.
Conficker, also known as Downadup or Kido, is quietly turning thousands of PCs into servers of email spam and installing spyware, they said.
The worm started spreading late last year, infecting millions of computers and turning them into "slaves" that respond to commands sent from a remote machine that controls an army of computers known as a botnet.
Many feared it would wreak havoc on April 1, but instead the worm mutated to make it harder to catch.
Its unidentified creators started using infected machines for criminal purposes in recent weeks by loading more malicious software onto a small percentage of computers under their control, said Vincent Weafer, a vice president with Symantec Security Response.
"Expect this to be long-term, slowly changing," he said. "It's not going to be fast, aggressive."
What the worm does
Conficker installs a second virus, known as Waledac, that sends out email spam without the knowledge of the PC's owner, Mr Weafer said.
It also installs a fake anti-spyware program so that users are led to believe their computer is safe.
"This is probably one of the most sophisticated botnets on the planet. The guys behind this are very professional. They absolutely know what they are doing," said Paul Ferguson, a senior researcher with Trend Micro.
He said Conficker's authors likely installed a spam engine and another malicious software program on tens of thousands of computers since April 7. The worm will stop distributing the software on infected PCs on May 3 but more attacks will likely follow.
"We expect to see a different component or a whole new twist to the way this botnet does business," said Mr Ferguson.
Viruses that turn PCs into slaves exploit weaknesses in Microsoft's Windows operating system. The Conficker worm is especially tricky because it can evade corporate firewalls by passing from an infected machine onto a USB memory stick, then onto another PC.
The Conficker botnet is one of many such networks controlled by syndicates that authorities believe are based in eastern Europe, Southeast Asia, China and Latin America.
What you can do
First of all, make sure your PC has the latest patch from Microsoft and update your security software. If you cannot access your anti-virus maker's website, your PC may already be infected.
In general, you should always be careful when clicking on unknown links. Use LinkScanner to find out if a link leads to dangerous content, and be wary of pop-up windows prompting you to install software such as antivirus or video player updates.
You may also read the US Department of Homeland Security's recommendations at www.dhs.gov, or find out more on Wikipedia.