Conficker wreaks havoc

Posted: 26-Jan-2009 14:41

I'm a little surprised to see how fast Conficker (link goes to Symantec's page on the worm) is spreading everywhere. Chris Keall at NBR has a good story on the worm in all its evilness, with estimates from Symantec and F-Secure that the number of infected systems could be as high as nine million.

Conficker infections seem to be rife in New Zealand too, from what I hear. There's an interesting angle to Conficker, according to one sysadmin I spoke to: it locks out the Administrator account in Windows XP at least (I'm not sure if the same thing happens in Vista).

This causes a massive amount of additional pain for organisations that have applications that'll only run properly under the Administrator account. Imagine having to clean up after Conficker plus dealing with users who cannot access the apps they need to go about their work...

If it's true about the Administrator account being locked out, then there's never been a better case than Conficker for re-thinking coding practices that mean programs need Administrator privileges to run properly. Unfortunately, Microsoft has only lately come to realise that Administrator privileges should be reserved for administrative tasks only, and not for running day-to-day programs.

This reminds me of the time a client called and complained about poor network performance. I logged in remotely to a FreeBSD box and found a massive amount of ICMP traffic on the LAN, for no apparent reason. That was of course NIMDA in action, courtesy of a user managing to abuse admin privileges to turn off the anti-virus on his computer, and also happily opening up any old emailed attachment. The clean-up cost to the business was in the thousands but unfortunately, OSH rules ban contractors from taking recalcitrant users outside and putting them up against the wall.


Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.