IT security provider F-Secure Corp. released its IT Threat Summary for the first quarter of 2009 today, identifying the Conficker (aka Downadup) worm as the biggest malware story of 2009 so far. Conficker is a classic worm exploiting vulnerabilities in Microsoft Windows, but with advanced features such as heavy encryption, peer-to-peer functionality – meaning that infected computers can communicate with each other without the need for a server – and the ability to convert and update itself.
“The authors behind Conficker are professionals. They have infected millions of computers, and could do anything they wanted with them,” said Patrik Runald, F-Secure’s chief security advisor. “The mystery is why they haven’t done anything – not yet, anyway.”
Conficker changed operation modes on April 1, gaining front-page media coverage worldwide. The gang behind the worm took no action with its botnet, however, and the mystery continues.
Worms have also started using social networking. The latest variant of the Koobface worm spreading on Facebook steals your logon credentials. It then logs in, steals your picture and friends’ e-mail addresses, creates a fake YouTube page with your Facebook photo and sends an e-mail to your friends saying they’ve been tagged in a video on YouTube.
The first quarter was also historic as it saw the birth of the first SMS worm, Sexy View, designed for smartphones. Sexy View, like Koobface, is a social engineering worm that uses the contacts stored on your smartphone to spread. It sends a text message to your contacts, telling them to check out some hot pictures and offers a link to a Web site.
Your contacts follow the URL because it came from you. They are asked to install an application, which then sends the worm to all their contacts. The worm sends information about the phone to its makers, who then use this information to send SMS spam.
“Sexy View is important in many ways,” Runald said. “It is the first text message worm ever. It’s also the first mobile phone worm that circumvents the signature checks that are meant to secure the latest smartphones. And the motive behind it seems to be to collect information for mobile phone spamming purposes. Mobile phone spam is already a big problem in some parts of the world – eventually it will be an issue everywhere.”