Infections of a worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is “skyrocketing”.

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008.

Anti-virus firm F-Secure estimates there are now 8.9m machines infected.

Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch.

In its security blog, F-Secure said that the number of infections based on its calculations was “skyrocketing” and that the situation was “getting worse”.

Speaking to the BBC, Graham Cluley, senior technology consultant with anti-virus firm Sophos, said the outbreak was of a scale they had not seen for some time.

“Microsoft did a good job of updating people’s home computers, but the virus continues to infect business who have ignored the patch update.

“A shortage of IT staff during the holiday break didn’t help and rolling out a patch over a large number of computers isn’t easy.

“What’s more, if your users are using weak passwords – 12345, QWERTY, etc – then the virus can crack them in short order,” he added.

“But as the virus can be spread with USB memory sticks, even having the Windows patch won’t keep you safe. You need anti-virus software for that.”

According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becomes part of that code.

It then copies itself into the Windows system folder as a random file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

Once the worm is up and running, it creates an HTTP server, resets a machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.

Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down.

But Conficker does things differently.

Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers’ files. On the face of it, tracing this one site is almost impossible.

Speaking to the BBC, Kaspersky Lab’s security analyst, Eddy Willems, said that a new strain of the worm was complicating matters.

“There was a new variant released less than two weeks ago and that’s the one causing most of the problems,” said Mr Willems

“The replication methods are quite good. It’s using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creating new variants though this mechanism.”

“Of course, the real problem is that people haven’t patched their software,” he added.

Technicians have reverse engineered the worm so they can predict one of the possible domain names. This does not help them pinpoint those who created Downadup, but it does give them the ability to see how many machines are infected.

“Right now, we’re seeing hundreds of thousands of unique IP addresses connecting to the domains we’ve registered,” F-Secure’s Toni Kovunen said in a statement.

“We can see them, but we can’t disinfect them – that would be seen as unauthorised use.”

Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.

Increasing numbers of teenagers are starting to dabble in hi-tech crime, say experts.

Computer security professionals say many net forums are populated by teenagers swapping credit card numbers, phishing kits and hacking tips.

The poor technical skills of many young hackers means they are very likely to get caught and arrested, they say.

Youth workers added that any teenager getting a criminal record would be putting their future at risk.

Many teenagers got into low level crime by looking for exploits and cracks for their favourite computer games.

Communities and forums spring up where people start to swap malicious programs, knowledge and sometimes stolen data.   For a kid, getting a criminal record is the worst possible move

Some also look for exploits and virus code that can be run against the social networking sites popular with many young people. Some then try to peddle or use the details or accounts they net in this way.

Mr Boyd said he spent a lot of time tracking down the creators of many of the nuisance programs written to exploit users of social networking sites and the culprit was often a teenager.

From such virus and nuisance programs, he said, many progress to outright criminal practices such as using phishing kits to create and run their own scams.

“Some are quite crude, some are clever and some are stupid,” he said.

The teenagers’ attempts to make money from their life of cyber crime usually came unstuck because of their poor technical skills.

“They do not even know enough to get a simple phishing or attack tool right,” said Kevin Hogan, a senior manager Symantec Security Response.

“We have seen phishing sites that have broken images because the link, rather than reference the original webpage, is referencing a file on the C: drive that is not there,” he said.

Symantec researchers have collected many examples of teenagers who have managed to cripple their own PCs by infecting them with viruses they have written.

Chris Boyd from FaceTime said many of the young criminal hackers were undermined by their desire to win recognition for their exploits. 
Many teenage hackers publicise their exploits on YouTube

“They are obsessed with making videos of what they are doing,” he said.

Many post videos of what they have done to sites such as YouTube and sign on with the same alias used to hack a site, run a phishing attack or write a web exploit.

Many share photos or other details of their life on other sites making it easy for computer security experts to track them down and get them shut down.

Mr Boyd’s action to shut down one wannabe hacker, using the name YoGangsta50, was so comprehensive that it wrung a pledge from the teenager in question to never to get involved in petty hi-tech crime again.

Mathew Bevan, a reformed hacker who was arrested as a teenager and then acquitted for his online exploits, said it was no surprise that young people were indulging in online crime.

“It’s about the thrill and power to prove they are somebody,” he said. That also explains why they stuck with an alias or online identity even though it was compromised, he added.

“The aim of what they are doing is to get the fame within their peer group,” he said. “They spend months or years developing who they are and their status. They do not want to give that up freely.”

Graham Robb, a board member of the Youth Justice Board, said teenagers needed to appreciate the risks they took by falling into hi-tech crime.

“If they get a criminal record it stays with them,” he said. “A Criminal Record Bureau check will throw that up and it could prevent access to jobs.”

Anyone arrested and charged for the most serious crimes would carry their criminal record with them throughout their life.

Also, he added, young people needed to appreciate the impact of actions carried out via the net and a computer.

“Are they going to be able to live with the fact that they caused harm to other people?” he said. “They do not think there is someone losing their money or their savings from what they are doing.

“For a kid, getting a criminal record is the worst possible move.”

Source – BBC

More than 75% of internet users who have stumbled across pictures of online child sex abuse had no idea of where to report it, a new survey reveals
The poll for the Internet Watch Foundation, a charity that shuts down illegal content, found 77% of people were unaware that it ran a “hotline” for reporting abusive material.

“The UK has a very proactive approach to tackling child sexual abuse content online but we could do even more with the public’s help,” says IWF chief executive Peter Robbins.

“Internet consumers should know that if they do stumble across these images then it’s vital to report them to the IWF.”

People who report illegal content through the IWF website are protected by law, he says. Users of the site can also report anonymously, or leave their contact details should they wish to be informed of what’s happening to the site they reported.

The IWF website received nearly 35,000 reports in 2007, but the organisation wants to raise awareness further and is rolling out an advertising campaign including banner adverts to educate people about the site.

Source – PC Pro