Posted on 01/16/2009 6:45:02 PM PST by Red in Blue PA
LONDON, England (CNN) -- A new sleeper virus that could allow hackers to steal financial and personal information has now spread to more than eight million computers in what industry analysts say is one of the most serious infections they have ever seen.
Experts say a single infected laptop could expose an entire network to the worm.
The Downadup or Conficker worm exploits a bug in Microsoft Windows to infect mainly corporate networks, where -- although it has yet to cause any harm -- it potentially exposes infected PCs to hijack.
Mikko Hypponen, chief research officer at anti-virus firm F-Secure, says while the purpose of the worm is unclear, its unique "phone home" design, linking back to its point of origin, means it can receive further orders to wreak havoc.
He said his company had reverse-engineered its program, which they suspected of originating in Ukraine, and is using the call-back mechanism to monitor an exponential infection rate, despite Microsoft's issuing of a patch to fix the bug.
"On Tuesday there were 2.5 million, on Wednesday 3.5 million and today [Friday], eight million," he told CNN. "It's getting worse, not better."
(Excerpt) Read more at cnn.com ...
In most corporate intranets, there is no way to get to the public internet. All you can do is web browsing through a proxy server.
Will this fix global warming?
A related story to your earlier ping.
Are these the same?
Downadup:
http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99
Conficker:
http://www.napera.com/blog/?p=360
Securely clicking on this thread...
...from a Linux machine
...behind an up-to-date hardware firewall
...on a fully backed-up system
:-)
That may be true in part, but nearly all users in a company can still access the internet. In most cases with Internet Explorer, going through a proxy server won't stop you from getting hijacked or having the entire machine compromised with malicious code. To really be effective, the proxy would have to do inspections at the packet level, rather than authentication, port filtering, agent/client checks, and URL-based ACLs as most proxy machines do.
Yeah, I know that.
But when the virus or trojan tries to ‘dial home’, it’s no dice, because it is not configured to go through the proxy server.
This is true, assuming there is a properly configured perimeter firewall. A virus doesn't need to go through port 80, through a proxy server. Many viruses will install an SMTP service on a machine and 'call home' via email. Of course any properly configured firewall will only allow outbound port 25 from authorized mail servers on the internal network.
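The egress rules discussed in the replies above (web traffic only via the proxy, outbound port 25 only from authorized mail servers) can also be used as a detection: any internal host that attempts either directly is worth investigating. The following is an added example, not part of the thread; the log format, the internal range and the proxy and mail relay addresses are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed site layout (hypothetical values, not from the thread).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
PROXY = ipaddress.ip_address("10.0.0.10")
MAIL_RELAYS = {ipaddress.ip_address("10.0.0.25")}

# Constructed firewall log, assumed format: "<time> <action> <src> <dst> <dport>"
SAMPLE_LOG = """\
09:00:01 ALLOW 10.0.0.10 192.0.2.10 80
09:00:02 DENY 10.1.4.77 198.51.100.9 80
09:00:03 DENY 10.1.4.77 198.51.100.9 80
09:00:05 ALLOW 10.0.0.25 203.0.113.5 25
09:00:07 DENY 10.1.4.77 203.0.113.80 25
09:00:09 DENY 10.2.8.3 192.0.2.44 25
09:00:11 ALLOW 10.2.8.3 10.0.0.10 8080
garbled line
"""

def classify(src, dst, dport):
    """Return a finding label for one connection attempt, or None if expected."""
    if src not in INTERNAL or dst in INTERNAL:
        return None  # only internal -> external egress is of interest
    if dport == 25 and src not in MAIL_RELAYS:
        return "smtp-not-from-relay"
    if dport in (80, 443) and src != PROXY:
        return "web-bypassing-proxy"
    return None

def egress_findings(log_text):
    """Map each offending internal host to {finding: count}.

    Denied attempts are counted too: a blocked call-home still marks the host.
    """
    findings = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _time, _action, src, dst, dport = parts
        try:
            label = classify(ipaddress.ip_address(src),
                             ipaddress.ip_address(dst), int(dport))
        except ValueError:
            continue  # unparsable address or port
        if label:
            findings[src][label] += 1
    return {host: dict(counts) for host, counts in findings.items()}

if __name__ == "__main__":
    for host, counts in sorted(egress_findings(SAMPLE_LOG).items()):
        print(host, counts)
```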