Conficker responsible for 15pc of Irish malware infections

8 Jun 2010

Infections of the Conficker worm reached a historical high in May, accounting for 15pc of all malware infections in Ireland, according to Eset’s latest threat trends report.

The network worm, which has caused widespread damage to many organisations’ IT systems since it was launched in November 2008, usually represents just under 10pc of worldwide infections (in May it clocked 9.12pc).

Ireland’s high rate of infection put it up with the likes of the hardest hit eastern European countries, Eset said. “While Conficker has been in and out of the top spot of Irish infections over the last year, this is the first time it has such an alarmingly prevalent percentage.”

This is despite the wide availability of patches to plug the vulnerability, as well as removal tools from antivirus vendors. The United States Computer Emergency Readiness Team (US-CERT) recommends disabling the AutoRun feature in Windows to prevent some variants of the worm from spreading through removable media, like USB drives.

Conficker’s reach

Conficker is also known as Downup, Downadup, Conflicker or Kido and is the single biggest reported piece of malware since 2003’s Slammer stack. Estimates suggest it has infected millions of PCs worldwide, with reported instances in more than 200 countries. The Conficker Working Group puts the number of currently infected machines at more than 6 million.

The worm uses a range of techniques to avoid detection and it generates large amounts of traffic on a company’s network once it gets into the system. Last year, IT security sources said some multinationals based here were taken down and some Government systems are understood to have been infected. At least one large well-known Irish company was forced offline for two days as a result of a Conficker infection.

What makes Conficker even more unusual is that it bucks a growing trend in malware. Security analysts say the more common approach over the past number of years has been to release a wide variety of infections that are designed to be effective in the short term before patches are created. Consequently, there are a lot more variants and no one infection tends to be any more effective than others. Conficker clearly doesn’t conform to that model.

As a case in point, the second-most prevalent infection in Ireland last month, INF/Autorun, had just 5.25pc of the total. It is designed to modify the content of removable media, triggering undesired harmful applications, Eset said.

Win32/Agent, a piece of data-stealing software, was third with 3.74pc of the total. Fourth place went to Win32/Qhost, which causes modifications to Windows folders and then allows remote attackers to take over the system.

Fifth-placed Win32/Oficla (1.39pc of all infections in May) is Eset’s label for Trojans. These programs download additional malware from various sources on the web.

By Gordon Smith

Gordon Smith was a contributor to Silicon Republic