Microsoft Conficker/Downadup infections still not a major threat - Security Bytes
Jan 27 2009   5:51PM GMT

Posted by: Robert Westervelt
Information Security Threats

I had an excellent briefing with the folks at TippingPoint about Conficker and they gave me access to their ThreatLinQ, a service that helps TippingPoint IPS customers proactively configure their systems. I’ll be writing about Conficker in a news story tomorrow. ThreatLinQ is essentially a portal that shows global threat data caught in TippingPoint’s DVLabs’ IPS filters. It can rank threats on a global scale and threats by country. It also shows how other TippingPoint customers are using their IPS and what is being blocked by default.

Security researcher Derek Brown of TippingPoint’s DVLabs explained to me that while Conficker/Downadup has spread to an estimated 10 million machines, it reached its peak on Jan. 10. It’s an interesting worm because it can propagate either by exploiting the Microsoft RPC flaw, patched in October with MS08-067, or by spreading via USB sticks and other removable storage devices.

Ten million infections is a lot of computers, but I repeat what I said in an earlier post: most infections have taken place in countries where it took longer to deploy MS08-067, places where pirated software is rampant and machines are more likely to go unpatched. TippingPoint’s ThreatLinQ data supports this.

Attempts to attack the Microsoft RPC vulnerability rank No. 5 of all threats globally, according to the TippingPoint data. That is well behind the MS-SQL Slammer/Sapphire worm, which was picked up globally more than 32 million times in TippingPoint’s honeypots and ranks No. 1. Conficker was detected about half a million times, according to the real-time data.

In China, where Symantec ranked Conficker infections the highest, Microsoft RPC attacks ranked ninth, according to the TippingPoint data. In the United States, attacks attempting to exploit the Microsoft flaw didn’t even rank in the top 10.

Conficker is also relatively easy to disinfect using any number of tools including Microsoft’s Malicious Software Removal Tool.

Conficker still fascinates security researchers. It has a built-in password cracker. Once it infects a machine, it seeks out other IP addresses to continue spreading. It can spread over shared drives. It also relays location information to its author.

Let me be clear: Derek Brown of TippingPoint’s DVLabs did not downplay the worm. The damage the fledgling botnet inflicts is still unknown. Once the attacker delivers a payload to the infected machines, we’ll begin to measure the extent of Conficker’s destruction.


Windows 2008 Security - Microsoft Conficker/Downadup infections still not a major threat …  |   Jan 28 2009   1:08AM GMT

[...] Read the original here:  Microsoft Conficker/Downadup infections still not a major threat … [...]


Charles Norrie  |   Jan 28 2009   5:11AM GMT

Why not recommend installing Linux as the operating system on everyone’s computer.

Ubuntu Intrepid Ibex is particularly easy to install, installation takes less than 20 minutes, is free and cannot be infected by malware by design.

Join the growing number of people who are sick of Windows’ expensive travails, bugs, omissions, slowness and sheer complexity of maintaining.

Try Ubuntu!


Robert Westervelt  |   Jan 28 2009   9:24AM GMT

Charles, like any software, Linux has vulnerabilities too. While it’s less of a target for attackers, it isn’t perfect and can be cracked.


Gisabun999  |   Feb 23 2009   7:53PM GMT

Interesting that the author(s) of the worm haven’t really done anything with it. Meanwhile the security companies are finding ways to detect and clean it.


Conficker worm to strike April 1 - The Network Hub  |   Mar 30 2009   8:18PM GMT

[...] Microsoft Conficker/Downadup infections were not a major threat a couple months ago, sources ranging from Brink to The New York Times (Computer Experts Unite to [...]


Troy Tate  |   Mar 30 2009   8:30PM GMT

Check out the Conficker deep dive analysis referenced in my blog The Conficker Analysis - are you ready for April 1?


Proof the Conficker worm not a major threat - Security Bytes  |   Apr 16 2009   10:13PM GMT

[...] TippingPoint’s ThreatLinQ service. ThreatLinQ can be accessed by TippingPoint IPS customers. The ThreatLinQ data I saw suggested to me that the threat wasn’t a major one. It is essentially a portal that [...]


The TopOfMemory Security Feed » Blog Archive » Proof the Conficker worm not a major threat  |   Apr 17 2009   3:03PM GMT

[...] TippingPoint’s ThreatLinQ service. ThreatLinQ can be accessed by TippingPoint IPS customers. The ThreatLinQ data I saw suggested to me that the threat wasn’t a major one.  ThreatLinQ is essentially a [...]