Rapidly spreading computer virus may be a dud

Jan. 21, 2009
Experts say virus not working as intended

NEW YORK - A computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the U.S., Europe and Asia, already infecting close to 9 million machines, according to a private online security firm.

Fortunately, however, it may be a dud.

Though computer bugs have become a common affliction, Finland-based F-Secure says a virus it has been tracking for the past several weeks has surged more rapidly through corporate networks than anything it has seen in years.

But the virus does not appear to be working as its designers intended. F-Secure's chief security adviser, Patrik Runald, said the virus's coding suggests a type of bug that alerts computer users to bogus infections on their machines and offers to help by selling them antivirus software.

Instead, the virus is simply spreading to little effect, though it may still pose a threat to infected computers.

"The gang behind this worm haven't used it yet," F-Secure's chief research officer, Mikko Hypponen, said by phone. "But they could do anything they like with any of these machines at any time."

Microsoft issued a security update Tuesday to deal with the so-called "Downadup" or "Conficker" virus, which appears to be a new version of a bug that popped up in October.

"Over the last couple of weeks, a new variant of this worm has been affecting customers," the company acknowledged in a blog post. Microsoft said the virus is spreading by gaining access to one computer and then guessing at passwords of other users in the same network: "If the password is weak, it may succeed."

A company representative couldn't immediately be reached Saturday to comment on F-Secure's estimate of infected machines.

Most computers with Windows will automatically download Microsoft's security update, but Hypponen said the virus disables updates on infected machines.

While the origin of the virus is a mystery, F-Secure's best guess is it came from Ukraine. Hypponen said it is coded to avoid computers there, which may indicate whoever wrote the virus was trying to avoid drawing attention from local authorities.
