Taterf Worm
Posted by: Wild MissingNo. appeared
Date: 2009-11-13 23:37:59
PC users open doors to such worms as Conficker, Taterf
A year after it first slithered onto the Internet, the Conficker worm remains as virulent as ever, despite an unprecedented eradication campaign. Meanwhile, a similar, though less heralded worm, Taterf, is gathering steam.
Conficker and Taterf may be unstoppable, barring sweeping behavior changes by companies and consumers, which is unlikely. "The sad fact is worms and viruses would be wiped out if everyone used best security practices," says Eric Sites, chief technology officer of anti-virus firm Sunbelt Software.
Security firms and law enforcement are keeping a close watch. Yet, Conficker and Taterf each carry the potential to dramatically escalate Internet-wide thievery. Microsoft recently disclosed that the number of copies of Conficker and Taterf cleansed from Windows PCs rose 98.4% in the first six months of this year compared with the last six months of 2008. That snapshot comes from a clean-up tool in Windows' auto-update service, which checks mostly home-use PCs for specific, known infections.
Yet, Conficker and Taterf are spreading most prolifically within company networks, underscoring the risk of commercializing the Internet. Despite the fact that the Internet was created 40 years ago as an experiment in open, anonymous data exchanges, companies are increasingly using it to conduct business. In doing so, they've created an ideal setting for Conficker and Taterf to thrive.
"We're doing proprietary things with real dollars attached, raising the opportunity for people to take advantage," says Rob Housman, executive director of the Cyber Secure Institute, a tech security think tank. "We didn't design the Internet to be secure, we designed it to be free."
Tainting USB ports
Hackers in the 1980s spread viruses by sneaking bad code onto the floppy disks needed to boot up early PCs. Conficker and Taterf do much the same: They rely on the circulation of tainted memory sticks, music players, cameras, camcorders and smartphones that plug into the universal serial bus ports of modern PCs. The PC's USB port then becomes infected so that the next device plugged in also becomes tainted.
The worms don't stop there. Controlled by a top-tier cybergang, Conficker seeks out nearby PCs and slips into security holes left open if the PC is not current on its Windows security patches. It also tries to log onto PCs sharing the network, even patched ones, using a password-breaking program. Each freshly infected PC, in turn, gets its USB drives tainted, and the cycle repeats. Conficker's creators set out to assemble a massive network of infected computers, called a botnet, to spread spam, steal data, hijack online financial accounts and promote worthless anti-virus protection. But with the FBI watching closely, its controllers appear to be content to let the worm self-propagate.
"Too much attention means little activity and little gain," Sites says.
Still, the bad guys could be "biding their time waiting for a particularly lucrative opportunity," says Vernon Jackson, engineering manager at IBM's ISS X-Force security team.
Gamers' worm
Unlike Conficker, Taterf is the collective work of hundreds of moderately skilled hackers using widely available tool kits to create their own special worm. These hackers' only goal is to harvest log-ons to online games, such as World of Warcraft, EverQuest and Aion. They sell the log-ons to thieves who loot gamers' accounts for virtual cash and prize items, which they sell for real cash to avid gamers.
Tainted USB devices plugged into workplace PCs have set Taterf loose in corporate networks. "The target is gamers, but the bleed-over effects are increasingly common," says Gunter Ollmann, vice president of research at security firm Damballa.
Taterf infects all the shared hard drives the infected PC can connect to. Subsequently, any worker who navigates to the shared drive gets infected. Some Taterf hackers are starting to recognize that access to a corporate PC can be valuable for more than just gaming log-ons. "Once your machine is owned, they can do anything with it they like," Sophos researcher Chet Wisniewski says. "This could certainly turn into a bigger problem."
Companies can slow Conficker and Taterf by keeping anti-virus programs updated and security patches current, as well as turning off the Windows "autorun" feature, which executes code from any device plugged into USB ports. But many don't. For those who are inoculating, cleanup can be a nightmare. One tainted USB device inserted into a clean PC can re-infect the entire system.
"These worms will be around for many years to come," Wisniewski says.
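
The article's advice to turn off the Windows "autorun" feature comes down to one registry policy value, NoDriveTypeAutoRun, in which each set bit disables AutoRun for one drive type. The script below is an added example, not part of the original article: it reports which drive types still have AutoRun enabled and then sets the machine-wide value to 0xFF (disabled everywhere). The function names are hypothetical, and the final write assumes an elevated session.

```powershell
# Added example: audit and harden the AutoRun policy (not from the article).
# A set bit in NoDriveTypeAutoRun DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'            = 0x01
    'Removable'          = 0x04
    'Fixed'              = 0x08
    'Network'            = 0x10
    'CD-ROM'             = 0x20
    'RAM disk'           = 0x40
    'Unknown (reserved)' = 0x80
}
$PolicySubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutoRunEnabledTypes {
    param([int]$Value)
    # Drive types whose disable bit is NOT set, i.e. AutoRun still fires.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Value -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

function Get-AutoRunPolicy {
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $item = Get-ItemProperty -Path "${Hive}:\$PolicySubKey" `
        -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value not configured
    [int]$item.NoDriveTypeAutoRun
}

# Audit both the machine-wide and the per-user policy.
foreach ($hive in 'HKLM', 'HKCU') {
    $value = Get-AutoRunPolicy -Hive $hive
    if ($null -eq $value) {
        "{0}: NoDriveTypeAutoRun not set (OS default applies)" -f $hive
    } else {
        $enabled = @(Get-AutoRunEnabledTypes -Value $value)
        $summary = if ($enabled.Count) { $enabled -join ', ' } else { 'none' }
        "{0}: 0x{1:X2}; AutoRun still enabled for: {2}" -f $hive, $value, $summary
    }
}

# Harden: disable AutoRun for every drive type, machine-wide (needs admin).
$path = "HKLM:\$PolicySubKey"
if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
```

On a domain, the same value is normally pushed through Group Policy rather than set host by host; the audit half of the script is still useful for spotting machines where the policy did not land.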