CATEGORIES
home News

Conficker Virus Resurfaces

by Jennifer JohnsonFriday, April 24, 2009, 06:39 PM EDT

Weeks after being dismissed as a false alarm, the Conficker virus is slowly being activated. Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into email spam servers and installing spyware. It does this by installing a second virus known as Waledac that can send out email spam without the PC owner’s knowledge. The Waledac virus recruits the PCs into a second botnet that specializes in distributing email spam.

Conficker also carries a third virus that prompts PC owners to purchase a fake anti-virus program called Spyware Protect 2009 for $49.95. When users purchase the fake security system, their credit card information is stolen and the virus downloads additional malware.

The Conficker worm began spreading late last year and has infected millions of computers, turning them into “slaves” that will respond to commands from a remote sever. Vincent Weafer, vice president with Symantec Security Response, said Conficker’s unidentified creators have begun using some of the infected machines for criminal purposes by loading malicious software. Weafer expects Conficker to a long-term, slowly changing worm.

Paul Ferguson, a senior researcher with Trend Micro Inc, described Conficker as a sophisticated botnet.  Ferguson believes Conficker's authors have likely installed a spam engine and another malicious software programs on tens of thousands of computers since April 7. Ferguson said the worm will stop distributing the software to infected PCs on May 3rd but expects other attacks to follow.

Security researchers had previously warned Conficker would strike on April 1st because the worm was programmed to increase communication attempts on that date. The threat of attack from Conficker grew widespread attention, which some experts have said may have scared off the criminals who command the slave computers.

During a panel at the RSA security conference yesterday, a security expert revealed the Conficker worm had infected several hundred machines and critical medical equipment in an undisclosed number of U.S. hospitals. According to Marcus Sachs, director of the SANS Internet Storm Center and a former White House cyber security official, Conficker in hospitals is not widespread, but it raises the awareness of what could happen if there were millions of infected computers at hospitals or other critical infrastructure locations.

At this point it’s unclear how the devices, which control things like heart monitors and MRI machines, got infected. The computers are older machines running Windows NT and Windows 2000 in a local area network that was not supposed to have access to the Internet. The network was connected to another network that does have direct Internet access, however.

Tags:  security, virus, Conficker
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment