Integrators ready and waiting for Conficker


Security experts have armed themselves against a potential resurfacing of the Conficker worm, which spreads rapidly among PCs by exploiting a flaw in Microsoft Windows.

Ajoy Ghosh, security executive at Logica, told CRN there was a new variant of the worm - which first appeared in November - called Virut, which caused "quite some downtime".

Virut was a polymorphic file infector with some additional features; it spread all around the drive and infected even files infected by another virus.

He said he was working on a "strategy to deal with it".

Chris Herrmann, managing director at Sydney-based integrator Far Edge Technology, said he had not seen any infections in the corporate space from the worm yet.

The integrator was "nonetheless taking it very seriously". Herrmann believed the Conficker worm could be prevented from infecting a PC, but removal was very complicated and involved reinstalling the infected machine from scratch.

"There's been a lot of effort put into trying to unlock Conficker's secrets - who / how / where, but with the worm rapidly evolving and some sophisticated encryption technology that's unlikely to happen in the near future," said Herrmann.

He said that once a PC was infected, it gave complete control of the machine to a remote person, so the theoretical damage it could cause was quite astounding.

"For most users the biggest risks are breaching their bank account login details, having their PC used to attack a third party, exceeding their download limit, or sending documents and emails to third parties," he said. "The costs involved in cleanup can be substantial as well and if you're a business the cleanup process can be even more difficult, as having even one infected computer on your network can reinfect an entire network again in minutes."

Herrmann said most IT integrators were well prepared for it and were following best-practice guidelines to provide protection.

However, small businesses are often reluctant to implement proper firewalls that could scan incoming and outgoing network traffic for threats.

"This is, I believe, an education challenge for integrators," he said. "We need to ensure that we communicate clearly the risks and costs associated with not implementing appropriate protection to the small business community."

Andrew Best, senior system administrator at Far Edge, said the integrator employed packet-level anti-virus detection and IPS at the network border. It monitored and reported on clients' Windows Update status for their desktops and servers.

"We fight malware with a 'defence in depth' strategy," he said. "By putting multiple barriers up to prevent infection we remove our reliance on a single piece of software and hence eliminate a single point of failure."

Chris Protheroe, owner of Queensland-based integrator Conrad and Black IT Services, told CRN he was adopting a "wait and see approach" to the worm.

"As usual with any security threat, I believe that prevention is 10 times better than cure," he said. "Users must ensure that they have fully patched systems with up-to-date security software."

He said Conrad and Black tried to "drum this into customers" so that the impact of any such threats was minimised.

"Obviously if Conficker keeps evolving and brings a payload as bad as some of the experts are saying then things could get very interesting," said Protheroe.

Conficker first appeared in November last year.

Infected PCs are dragooned into a botnet controlled by the Conficker worm's unknown authors, which security researchers fear could be used to launch cyber attacks over the internet.

Conficker has built-in mechanisms to prevent people from scanning their computers with anti-virus software. The worm also spreads without the users having to do anything other than switch on their computers.

 

 
