The police force in England’s second-largest city, the Greater Manchester Police (GMP), has suffered extensive disruption for several days following an infection by the Conficker worm.
Read More »

It seems from a recent report that healthcare businesses have become a specific target for hackers in recent months. International managed security services company SecureWorks says that attempted hacker attacks launched at its healthcare clients doubled in Q4 2009, increasing from an average of 6,500 per healthcare client, per day in the first nine months of 2009, to an average of 13,400 per client per day in Q4 2009.

It’s suggested that there are two main reasons for this: the large amounts of identifiable data on patients stored within healthcare organisations, and the sheer number of possible attack vectors, including web-based attacks and attacks from devices (such as infected, unauthorised USB flash drives).

In some territories, such as the UK and Canada, healthcare bodies are rolling out extensive data security measures (such as secure USB drives with onboard anti-virus scanning). This is a sensible and practical response to the increase in data security risks.

This article at leading security portal Help Net Security summarizes 2009 from the point of view of the malware that was found in the wild.

As the piece points out, it was a year in which nobody that uses the Internet could ignore the dangers of malware, whether received by email, from Google’s search results, on social networks like FaceBook or Twitter, or even by direct injection from USB memory sticks, as was the case with Conficker and its variants. Read More »

This week marks one year since the Conficker worm (known as Downadup at the time) was discovered in the wild.  As we know, it went on to become one of the biggest infections ever seen, with an estimated 12 million-plus PCs infected globally.

This interview with Eric Sites, a member of the Conficker Working Group, looks at what has happened through Conficker’s lifespan, and speculates as to who developed the worm.

Conficker has also been instrumental in driving changes to everyday computing practice.  As one of the first worms to exploit Windows Autorun and to spread via removable media, it’s forced companies to re-evaluate the way they use devices such as USB flash drives. 

It made the security sector look at providing anti-malware software to protect data on devices other than PCs – such as on our secure USB drives with onboard AV scanning.  This shows that with any problem, there is also an opportunity to improve data security.

If we needed any further reminders, new data has shown that malware which exploits the Windows Autorun vulnerability accounts for more than 35% of the top 10 global infections so far this year.  This is more than double the proportion found in the second half of 2008.

The key findings from Microsoft’s Security Intelligence Report Version 7 show that the Conficker worm, along with a Trojan called Taterf which steals passwords and license keys for popular computer games, were detected on 5.21 million and 4.91 million Windows computers respectively. 

Taterf is notable in that it spreads only via Autorun, and of course Autorun is one of the vectors by which Conficker can spread. 

While our Cruzer Enterprise secure flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, it’s worth remembering that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames. 

We suggest being cautious in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.

A new large-scale malware outbreak is currently believed to have infected at least 50 of America’s Fortune 100 companies.

Over 70 variants of the malware, known as Mariposa, have been identified, with complex methods of action including email address harvesting, injecting code into known system processes, and downloading further malware onto corporate computers and networks. 

Like Conficker, this new malware can spread by multiple mechanisms, including running automatically from USB flash drives, via an Internet-based update module, and across the MSN Messenger chat network.

Also like Conficker, the exact motivation or the people behind the threat are not known.  But it’s worth checking your AV signatures are fully updated – and we would recommend the use of secure USB drives with onboard anti-malware protection, too.

At the recent Black Hat security conference in Las Vegas, anti-malware researchers spent a lot of time discussing the Conficker botnet worm, as you might expect following one of the largest-scale infections ever seen.

It was apparent that although business seems to be forgetting about it, Conficker still represents a major threat.  Over 5.5 million infected PCs are still out there, with most of the infections in Brazil, China and Vietnam.  The problem is, no-one really knows what kind of threat, or how that threat will be realised. 

More detail was given on how the worm spreads via unsecured USB flash drives.  Conficker’s code is able to trigger an autorun on Windows, even when a user might have had autorun disabled for USB media.  Conficker’s code actually tricks the user by getting Windows to show the icon for ‘open folder’, getting the user to actually run and execute the code.

As we’ve mentioned before, secure USB flash drives with onboard anti-malware can stop the spread of Conficker via this vector.  But the infection is still widespread – so ensure your systems are disinfected, patched and updated before the sleeping giant wakes up.

Network Products Guide, an industry-leading publication on information technologies and solutions, has named the Cruzer Enterprise with McAfee as a winner of its 2009 Product Innovation Awards, in the Portable Media category.

These awards recognize vendors whose innovative products bring essential changes to the information technology industry.  The Cruzer Enterprise with McAfee, introduced in October 2008, was the first USB security solution with onboard anti-virus scanning, protecting against worms, viruses and trojans that spread via removable storage media.

This capability is now a key element in endpoint and network security, thanks to the growth in malware which spreads via removable storage, including the Downadup / Conficker worm.

When President Obama laid out his ambitious plan to thwart cyberthreats on Friday, he recognised what many have known for a long time – data and networks can be used as weapons against a nation’s security if they are not properly protected.

In his Friday address, he specifically mentioned the 2008 infection of Department of Defense computers by malware, which originated from an infected USB flash drive.

President Obama said:  “In one of the most serious cyber incidents to date against our military networks, several thousand computers were infected last year by malicious software — malware. And while no sensitive information was compromised, our troops and defense personnel had to give up those external memory devices — thumb drives — changing the way they used their computers every day.”

As posted on this blog last year, the spread of malware via USB sticks is easily stemmed by using secure flash drives with onboard anti-malware, such as our Cruzer Enterprise range.  Some aspects of the battle to secure data and networks will be long and difficult.  However, when it comes to securing data on pen drives, it should be a very quick win.

Last week, Wired began reporting that the US Army has banned the use of USB drives after a worm that spreads by copying itself to thumb drives or other removable media infiltrated Army networks.

It’s not the first time malware has been spread through this vector. In May, 2007 the SillyFD-AA worm spread by copying itself onto removable media such as USB flash drives, then automatically running when that drive was connected to a PC. The following month, the LiarVB-A worm surfaced. Like the SillyFD-AA worm, it too spread by copying itself onto removable drives such as USB flash drives and running as soon as the device connected to a PC.

And more recently, in August 2008, NASA made headlines after the TGammima.AG worm infected a computer on the International Space Station. And how did it get there? Via a USB flash drive.

Read More »