Security Blog

Threat Lab Report: April 1st Worm Threat

Posted By Netgear Threat Lab at 11:13 AM, April 3, 2009

On April 1st, many security companies spent the day nervously monitoring the Internet for signs of large-scale attacks. However, the botnet, which consists mainly of PCs infected by the Kido (Conficker, Downadup) worm, showed no such activity. Our own monitoring found the same.

So was this simply an April Fool's joke? Our data indicates otherwise. We did detect some communication between the Kido worm and its master. The worm asked for further instructions, but did not get a reply. Once again, the worm's creator chose silence over action. This is understandable: based on the data on hand, we guess that Kido's creator gave up on any original plans to take major action on April 1st because of the number of security companies monitoring the Internet closely on that day. Of course, they still have many more opportunities in the future. Perhaps they will strike just when we think the storm has passed and have lowered our guard.

The Kido worm was first discovered in November 2008. It mainly exploits the Microsoft Windows vulnerability MS08-067. To date, over 15 million Windows PCs have been infected by the worm.

Truth be told, protecting against the Kido worm is not a difficult task. The two steps below will go a long way in ensuring that you are protected against this threat:
1. Apply security patches
2. Configure Windows Update to automatically update.

Categories: Malware , Netgear Threat Lab
