Reuters top ten news stories delivered to your inbox each day.
You are here:
Business & Finance
The Great Debate
Do More With Reuters
Make Reuters My Homepage
Support (Customer Zone)
About Thomson Reuters
Conficker virus begins to attack PCs: experts
Mon Apr 27, 2009 9:02am EDT
Email | Print |
| Reprints | Single Page
By Jim Finkle
BOSTON (Reuters) - A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said.
Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware, they said.
The worm started spreading late last year, infecting millions of computers and turning them into "slaves" that respond to commands sent from a remote server that effectively controls an army of computers known as a botnet.
Its unidentified creators started using those machines for criminal purposes in recent weeks by loading more malicious software onto a small percentage of computers under their control, said Vincent Weafer, a vice president with Symantec Security Response, the research arm of the world's largest security software maker, Symantec Corp.
"Expect this to be long-term, slowly changing," he said of the worm. "It's not going to be fast, aggressive."
Conficker installs a second virus, known as Waledac, that sends out e-mail spam without knowledge of the PC's owner, along with a fake anti-spyware program, Weafer said.
The Waledac virus recruits the PCs into a second botnet that has existed for several years and specializes in distributing e-mail spam.
"This is probably one of the most sophisticated botnets on the planet. The guys behind this are very professional. They absolutely know what they are doing," said Paul Ferguson, a senior researcher with Trend Micro Inc, the world's third-largest security software maker.
He said Conficker's authors likely installed a spam engine and another malicious software program on tens of thousands of computers since April 7.
He said the worm will stop distributing the software on infected PCs on May 3 but more attacks will likely follow.
"We expect to see a different component or a whole new twist to the way this botnet does business," said Ferguson, a member of The Conficker Working Group, an international alliance of companies fighting the worm.
Researchers had feared the network controlled by the Conficker worm might be deployed on April 1 since the worm surfaced last year because it was programed to increase communication attempts from that date.
The security industry formed the task force to fight the worm, bringing widespread attention that experts said probably scared off the criminals who command the slave computers.
The task force initially thwarted the worm using the Internet's traffic control system to block access to servers that control the slave computers.
Viruses that turn PCs into slaves exploit weaknesses in Microsoft's Windows operating system. The Conficker worm is especially tricky because it can evade corporate firewalls by passing from an infected machine onto a USB memory stick, then onto another PC. Continued...
View article on single page
Microsoft still sees potential in Yahoo partnership
also on reuters
Facebook said to give more 3rd-party access
Graduating U.S. college seniors entering grim market
Reinventing MySpace: New CEO is just the beginning
More Technology News
Facebook plans to give developers more access: source
UK rules out government database of emails, phones
Pirate Bay lawyer files for retrial, cites bias
Qualcomm to pay Broadcom $891 million to settle litigation
Apple "say on pay" motion approved by shareholders
More Technology News...
A selection of our best photos from the past 24 hours. Slideshow
Most Popular on Reuters
Mexican swine flu spreads to Europe | Video
Conficker virus begins to attack PCs: experts
Netbooks 2.0: another PC upheaval on its way?
Fear a high school reunion? Hire a stripper
Miss Universe Australia in "skinny" controversy
Facebook surfing while sick costs woman job
Summers says U.S. economy's freefall has ended
European Factors-Futures point to softer start, flu fears weigh
U.S. conservatives riled up but where do they go?
PREVIEW-For Bank of America CEO, the fun may be over
Most Popular Articles RSS Feed
Suspected swine flu cases rise
Pakistan's anti-Taliban offensive
Epic voyage ends in disaster
Afghan drugs go up in smoke
New Zealand in swine flu alert
Pandemic fears over U.S-Mexico flu
Swine flu deaths rise
Sri Lanka urged to protect civilians
Clinton in surprise Iraq visit
Police release nail murder x-ray
Most Popular Videos RSS Feed
The global destination for corporate leaders, deal-makers and innovators
Knowledge to Act
Help and Contact Us |
Advertise With Us |
Interactive TV |
Site Index |
Thomson Reuters Corporate:
Professional Products |
Professional Products Support |
About Thomson Reuters |
Latin America |
United Kingdom |
Thomson Reuters is the world's largest international multimedia news agency, providing investing news, world news, business news, technology news, headline news, small business news, news alerts, personal finance, stock market, and mutual funds information available on Reuters.com, video, mobile, and interactive television platforms. Thomson Reuters journalists are subject to an Editorial Handbook which requires fair presentation and disclosure of relevant interests.
NYSE and AMEX quotes delayed by at least 20 minutes. Nasdaq delayed by at least 15 minutes. For a complete list of exchanges and delays, please click here.