Conficker Hits U.K. Parliament

The Conficker worm has hit yet another high-profile victim. This time, the networks of the U.K. Houses of Parliament are reportedly the latest to join the millions of computers infected by the botnet.

According to a U.K. Parliament memo, which was leaked on the political blog Dizzy Thinks, the widespread Conficker worm infection slowed Parliamentary computer systems and locked out several accounts.

While the issue has yet to be resolved, the U.K. Parliament memo maintained that staff were working with third-party partners to eradicate the Conficker worm and were going to "act swiftly to clean computers that are infected."

Employees with infected computers would be contacted and the device would either be removed or cleaned with appropriate software to prevent further attacks, the advisory said.

The attack precedes an impending Conficker variant, slated to be released April 1, that will allegedly deliver a malicious but as yet unknown payload. Some security experts have speculated that the latest version will create a new update mechanism that will allow it to randomly communicate with its command and control centers to launch attacks indiscriminately. The new version of Conficker will crank up the number of domains that it can check for updates from 250 to about 50,000, while being able to dodge interception by the security community, which has thus far been able to impede communication between the notorious botnet and its domains.

The Conficker worm has evolved significantly since its launch in October 2008. The worm originated as the result of an attack exploiting a Microsoft vulnerability in the handling of RPC requests in the Server Service. Microsoft immediately released an emergency out-of-band patch repairing the vulnerability, but the fix did little to slow the worm's rapid spread once it took hold.

Now Conficker Version C -- the latest variant of the malware -- has the ability to spread via peer-to-peer files as well as through USB sticks. It also added defensive measures designed to evade detection and removal by disabling Windows Automatic Updates and Windows Security Center, and has been shown to block access to several security vendors' Web sites and circumvent many antivirus products.

Meanwhile, until the Conficker issue is resolved, the memo asked PICT users to remove all unauthorized PCs and laptops from the network and refrain from using USB sticks or other portable devices to store or transfer information.