Conficker Worm Attacks, Morphs

Malware infects Univ. of Utah and reveals money-making scam.

By ABC News
April 13, 2009, 10:48 AM

April 13, 2009 -- The sophisticated Conficker worm has infected about 800 computers at the University of Utah, campus officials said today.

The outbreak was first detected Thursday and, by Friday, had spread to computers at the hospitals, medical school and colleges of nursing, pharmacy and health.

Chris Nelson, a University of Utah health sciences spokesman, said that patient data and medical records had not been compromised because they are protected more securely.

The outbreak was still active this morning, although it has been contained, he said.

"It's still presenting itself, but we're able to manage it in a much more localized way," said Nelson, adding that school officials believe they contained it before it jeopardized personal information.

The university's office of information technology notified the campus and advised faculty, students and staff on how to protect their computers and has been aggressively cleaning infected machines.

But Nelson said the virus is "a pesky little thing" that manages to return even after it has been wiped off a computer.

Still, he said the IT office is carefully monitoring the system and will continue to do so for the next 30 days.

Nelson said that some of the infiltrated computers started to slow down but many others did not show any evidence of the infection.

Security experts also say that Conficker has adapted to become more efficient and earn its keep.

"It's using itself to make more money, to monetize," said Kevin Haley, director of Internet security firm Symantec's security response team.

The worm is dropping a piece of malware that pretends to be an anti-virus program called Spyware Protect 2009. He said the rogue program displays a message telling the user that the computer is infected and offers to clean it up for $49.95.

The program is not spyware removal software but only a ploy to obtain credit card information.

Conficker's origins and purpose are unknown, but computer security experts say it could make an electronic mess as it spreads from one computer to another, taking over machines and commanding them to do things their users never intended.

"We've got some bad guys out there who are extremely sophisticated," said Merrick Furst, a professor at Georgia Institute of Technology who also chairs an Internet security firm called Damballa. "There are a huge number of machines that might be able to be controlled by people other than the owners of those machines."

Conficker is a small computer program that has made its way around the world, probably infecting millions of computers that run on Microsoft Windows.

It is not, strictly speaking, a computer virus. Instead, it may link an infected computer with others as if they were one giant, coordinated machine, known to computer scientists as a botnet.