Tuesday, February 17, 2009

Windows worm being spread through USB memory sticks


Windows worm being spread through USB memory sticks

The Conficker virus is being transferred between machines via external drives, warn experts. USB memory sticks are helping to spread the Windows worm that has infected around 10 million computers worldwide, say security experts. The virus – known variously as Downadup, Conficker, and Kido – is spreading at a rate of one million machines per day, according to anti-virus experts at F-Secure.

The worm, which targets the Windows operating system, is able to bury its way deep into a computer’s software, and makes it hard for users to restore their machine to a safe point before the virus struck. Once installed on a computer, it communicates remotely with hackers’ websites, automatically downloading more malicious software that could further compromise the integrity of the PC. Although security firms have been tracking the worm for months, and Microsoft issued a security patch to combat the virus in October, many users have failed to patch their machines, leaving them vulnerable to attack, especially from new variants of the worm.

Security experts say that the virus is being unwittingly spread by computer users who are using USB memory sticks. The virus is easily transferred from an infected machine to a clean machine if the same USB stick is plugged into each. F-Secure said that the worm takes advantage of the Windows operating system’s “Autoplay” function, which searches for programs stored on removable drives, such as memory sticks. The worm wriggles its way into this process, creating a fake folder on removable drives that users believe they can legitimately open. Once that folder is clicked on, the worm is activated and installed on the computer’s operating system, burrowing its way deep into the machine’s software.

“The replication methods are quite good,” warned Eddy Willems, a security analyst with anti-virus firm Kaspersky Labs. “It’s using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creating new variants though this mechanism.” Some security experts fear that the rapid spread of the worm is helping to create a giant “botnet” – a series of compromised computers running malicious software that could allow hackers to remotely take control of machines, enabling them to steal login information, security details and other sensitive data.

Computer users are advised to ensure their anti-virus software, operating system and firewall is up to date, and that they have installed a Microsoft patch designed to combat the problem, MS08-067 , which is available from the Microsoft site. There is also a recently issued Microsoft removal tool that may be able to restore machines already infected by the worm.

-Agencies

No comments:

Post a Comment