Conficker Worm could infect Linux Users
A few days ago I spoke on the Conficker/Downadup (C/D) worm that’s working its way around the world, infecting a huge number of Windows-based computers, and a recent story has revealed that Linux users who have the Wine software – a program that allows Linux users to download Windows programs – could be infected too.
The superworm has reportedly been attacking a patched vulnerability in Microsoft Windows, with a reported 6.5 million new infections in the past 4 days alone, bringing the total to an estimated 9 million machines infected.
There are a number of factors contributing to the worm’s growth. The Windows vulnerability allows for self-replicating attacks in the 2000, XP and Server 2003 versions of the software, and the virus has been designed to exploit flash and network drives, allowing it to spread across a local network at a worrying pace even if just one computer is affected.
A large factor in the worm’s growth is stubborn data managers and administrators of Windows-based systems who failed to heed the warnings and download a security update. Microsoft released a patch to combat the worm over three months ago, but nearly one in three machines has not downloaded it, according to security company Qualys.
The C/D worm uses the autoplay function to load up files from removable devices using a simple autorun.inf file which can fool users into installing malicious code on their machines. This means that even Windows Beta 7 users could have been affected by the slithery culprit.
While autoplay can be turned off and autorun.inf files removed, users can be easily deceived by the pop-up that appears once the removable device is plugged in. Once the worm is loaded on to a system, it uses a complex algorithm based on public websites such as Google to contact its “home” servers and disables Windows Update automatically.
The clever part is that the algorithm changes every day, pointing to a different set of domain names each day (up to 250), which are calculated using a public key, not unlike those used in security encryptions.
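A daily list of up to 250 computed domain names leaves a visible pattern in resolver logs, and the sketch below (an added example, not part of the original post) flags clients that show it. The log format, addresses, `.test` names and thresholds are constructed assumptions, as is the premise that most of the computed names do not resolve.

```python
from collections import defaultdict

def sample_log():
    """Constructed resolver log lines: 'date client qname rcode' (assumed format)."""
    day = "2009-01-20"
    lines = [f"{day} 10.0.0.5 {n} NOERROR" for n in
             ("www.google.com", "mail.example.org", "intranet.example.org")]
    lines.append(f"{day} 10.0.0.5 wwww.example.org NXDOMAIN")  # ordinary typo
    lines.append(f"{day} 10.0.0.23 www.google.com NOERROR")
    for i in range(250):
        # Deterministic stand-in for computed names; not the worm's algorithm.
        n = (i * 2654435761 + 12345) % 26**8
        label = ""
        for _ in range(8):
            n, r = divmod(n, 26)
            label += chr(97 + r)
        rcode = "NOERROR" if i < 2 else "NXDOMAIN"
        lines.append(f"{day} 10.0.0.23 {label}.test {rcode}")
    return lines

def flag_clients(log_lines, min_failed=100, min_ratio=0.9):
    """Return {(day, client): (distinct_failed, distinct_total)} for noisy clients.

    A client is flagged when, in one day, it looks up at least min_failed
    distinct names that fail, and those make up min_ratio of all names it asked for.
    Both thresholds are assumptions to tune against a baseline of normal traffic.
    """
    seen = defaultdict(lambda: (set(), set()))
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        day, client, qname, rcode = parts
        all_names, failed = seen[(day, client)]
        qname = qname.lower().rstrip(".")
        all_names.add(qname)
        if rcode == "NXDOMAIN":
            failed.add(qname)
    hits = {}
    for key, (all_names, failed) in seen.items():
        if len(failed) >= min_failed and len(failed) / len(all_names) >= min_ratio:
            hits[key] = (len(failed), len(all_names))
    return hits

if __name__ == "__main__":
    for (day, client), (bad, total) in flag_clients(sample_log()).items():
        print(f"{day} {client}: {bad} of {total} distinct names failed to resolve")
```

A flagged client is a lead for investigation rather than proof of infection, since misconfigured software can also generate bursts of failed lookups.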
It would appear that no one is safe, as even a hospital in Sheffield, England, has reported that more than 800 of its 7000 computers have been compromised by the worm – system administrators had decided to turn off Windows security updates.













