IBM detects 1,156 local Conficker victims
LATEST NEWS
- Video will drive UFB uptake, but NZ lacks content choices: ComCom || 2
- TelstraClear's half-year revenue drops by 4 percent, but telco posts $1m profit
- Peter Finch leaves CIO post at Gen-i || 1
- 2degrees announces 875,656 customers
- NZ Fauna app fills 'crazy' lack of animal info || 4
- Megaupload interest a mixed blessing for Pirate Party || 2
SUBSCRIBE
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
SIGN UP
New Zealand appears to have been relatively hard hit on a per capita measure, says IBM
By Rob O'Neill | Auckland | Wednesday, 18 February, 2009
IBM is tracking the spread of the Conficker worm globally and has identified 1,156 instances of infection here in New Zealand as of January 29.
Conficker, also known as Downadup, has spread rapidly around the globe, causing havoc on corporate networks including that of the New Zealand Ministry of Health.
The worm has spread especially fiercely in South America and Asia, but according to IBM’s statistics, New Zealand also appears to have been relatively hard hit on a per capita measure.
IBM’s New Zealand security expert John Martin says the infection here has been “quite significant”.
Downadup uses computer or network resources to make copies of itself. It may also include code or other malware that damages a computer or the network. Once executed, Downadup disables some system services, including Windows Automatic Update, Windows Security Centre, Windows Defender, and Windows Error Reporting. The worm then connects to a malicious server, where it downloads additional malware to install on the infected computer.
Martin says most of the local infections appear to have been in small organisations and small businesses. He says a lot of the blame for these infections lies with users who turn automatic Windows updates off.
Martin says Conficker is now in its second phase, spreading by USB devices, network shares and cracking passwords.
Worryingly, nobody actually knows what the payload, or purpose, of Conficker is, Martin says. IBM’s X-Force security threat analysis service, however, believes it is most likely to be used as a botnet, a network of zombie computers receiving orders from a controller.
Even organisations that have applied patches can still be vulnerable to the worm through USB infection, Martin warns. He recommends systems administrators disable the autorun feature on all such memory sticks.
At the beginning of February, IBM released the results of its 2008 X-Force security trend statistics report. The report found that web application vulnerabilities have hit an all-time high. Hackers have refined the means to compromise the security of corporate websites, and are using these to launch cyber-attacks against visitors to corporate websites, the report says.
Last year more than half of all vulnerabilities disclosed were related to web applications, and of these, more than 74% had no patch. Vulnerable applications included many of the open-source content management systems used by corporations on their websites.
The report says hackers are attacking these vulnerabilities with massive waves of automated SQL injection attacks, where SQL code is “injected” via vulnerabilities into back-end databases, usually through search boxes or website forms.
The code redirects site visitors to malicious websites that download malware onto the users’ machines. The volume of SQL injection attacks at the end of 2008 was 30 times that of the previous summer, IBM says.
MOST POPULAR
Social Media @Computerworld NZ
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
