F-Secure Security Threat Summary of Q1 2009: Biggest Threat, Updated Conficker Worm

Article by George Norman (Cybersecurity Editor)

on 10 Apr 2009

F-Secure, the Finland-based company that specializes in providing antivirus and security software, has released the security threat summary of Q1 2009. The trends for the beginning of the year: as social networking sites like Facebook continue to grow, so does the number of social engineering attempts increase; the first SMS worm has been detected; the Conficker worm has infected millions of machines worldwide. Speaking of Conficker, F-Secure has also detected that the worm was updated a couple of days ago and a new variant has been circulating – this last piece of info has been confirmed by other security vendors and security experts.

According to F-Secure’s Q1 2009 Security Threat Summary, the following events have occurred this year in the security world:

1. Conficker (a.k.a. Downadnup, Kido or MS08-067 Worm) has shown signs of sustained growth, backed by professional malware authors. During the first two months of 2009, January and February, the B variant of Conficker infected millions of computers worldwide – the most affected countries were Chine, Russia, Brazil and India. The consistent growth of the Conficker worm has determined several security companies to form the “Conficker Working Group”.

2. Popular social networking site Facebook has become a favorite target for people with malicious intent as it has reached a total of 175 million accounts during Q1 2009 – by the end of the year experts predict the number of Facebook accounts will reach 300 million.

3. Two notable data breaches occurred in Q1 2009: Monster UK, a job search site, was compromised, leading to the personal data of thousands of users being scrapped; Heartland Payment Services Inc, company that processes payments for US retailers, reported a massive data breach.

4. The most significant mobile malware of Q1 2009 was the Sexy View worm (Yxe worm), the first SMS worm ever to be discovered.

5. Ever-increasing evidence is coming to light that malware spreaders are targeting Macs. In Q1 we saw pirated copies of iWork 2009 shared via torrent sites, spreading malware.

More details on F-Secure’s Q1 2009 Security Threat Summary available here.

Getting back to the Conficker worm, it seems that a new version of the malware has made an appearance. F-Secure explains: “On April 8th a new update was made available to Conficker.C infected machines via the P2P network. The new file, which we call Conficker.E, is executed and co-exists alongside the old infection. It re-introduces spreading via the MS08-067 vulnerability. Spreading functionality was removed in Conficker.C and the gang behind this maybe realized they made a mistake and added it again. There's also a connection to rogue anti-virus products as we've seen it end up on Conficker.C infected machines. The rogue product was Spyware Guard 2008. Conficker.E deletes itself if the date is May 3, 2009 or later.”

The info has been confirmed by: ESET, MacAfee, TrendMicro, Microsoft Security Response Center and Microsoft Malware Protection Center. Speaking of Microsoft, did you know that the Redmond software developer has put a $250,000 reward on Conficker’s author(s)? Details here.

Latest News

Sony's 'Attack of the Blockbusters Sale' Slashes Prices in Half for a Ton of PS4 Games

17 Aug 2017

How Samsung's New T5 Compares to the Old T3 Portable SSD (Infographic)

17 Aug 2017

See all