'Amazing' worm attack infects 9 million PCs **Just Bryan's | Blog Putih Biru . .: 'Amazing' worm attack infects 9 million PCs
I'm reading: 'Amazing' worm attack infects 9 million PCsTweet this!


Itu adalah judul pesan di emailku dari Computerworld Wrap-Up, situs yang rutin mengirimi aku perkembangan dunia IT di luar negeri.
Entah sejak kapan atau bagaimana caranya aku dulu register sampai situs ini bisa rutin mengirimi aku email(sampai-sampai mau ta stop gak bisa), kemungkinan aku daftarnya saat dulu sedang keranjingan IT(Hacker,cracker,progamming,dll). Itu dulu saat awal-awal masuk kuliah dan bertahan selama 4 bulanan tapi setelah itu mulai bosan dan sudah sekitar 5 bulanan aku keranjingan ngeblog tapi sepertinya akan bertahan lama..hehe
Dan selama 4 bulanan itu aku mendaftar ke berbagai situs dan memperoleh banyak artikel,ilmu tentang IT,dll. Kalau di kurskan dalam size sekitar 800 MB - 1 GB, aku lupa berapa tepatnya tapi itu termasuk software,video,tutorial dll.
Cukup intermezonya karena dunia IT cepat berkembang dan aku sudah sangat ketinggalan jadi mungkin sebagian besar hal yang sudah kukumpulkan dulu sekarang sudah tidak berguna.
Kembali ke judul posting, berikut berita selengkapnya(reporter mode on)

January 16, 2009 (Computerworld) Memanggil kelompok peneliti keamanan peneliti F-Secure Corp setelah serangan yang "luar biasa" . hari ini dikatakan bahwa sekitar 6.5 juta Windows PCs telah terinfeksi oleh "Downadup" worm dalam 4 hari terakhir, dan mendekati 9 juta hanya dalam kurun waktu 2 minggu.

Jum'at pagi, the Finnish firm merevisi perkiraan jumlah komputer yang telah terifeksi dan menjelaskan bagaimana itu bisa terjadi,"jumlah infeksi dari Downadup sangat melejit," Toni Koivunen, peneliti F-Secure, mengatakan di postingan company's Security Lab blog. "Menurut perkiraan 2.4 million PC terinfeksi dari 8.9 juta lebih dalam kurun waktu 4 hari. Itu luar biasa."

yah..baru ngartiin 2 paragraf aku uda pusing dan bingung dan mungkin banyak salah jadi sisanya baca sendiri aja ya..
ini artikel selengkapnya dalam B.Inggris

January 16, 2009 (Computerworld) Calling the scope of the attack "amazing," security researchers at F-Secure Corp. today said that 6.5 million Windows PCs have been infected by the "Downadup" worm in the last four days, and that nearly 9 million have been compromised in just over two weeks.

Early Friday, the Finnish firm revised its estimate of the number of computers that had fallen victim to the worm, and explained how it came to the figure. "The number of Downadup infections [is] skyrocketing," Toni Koivunen, an F-Secure researcher, said in an entry to the company's Security Lab blog. "From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing."

On Tuesday, Koivunen put the number of infected systems at 2.4 million, then updated the estimate Wednesday to 3.5 million, an increase of 1.1 million in just 24 hours.

"We haven't seen outbreaks of this scale in many years," said Mikko Hypponen, chief research officer at F-Secure, in an e-mail reply to questions. "[It] reminds me of the old Loveletter/Melissa/Sasser/Blaster cases size-wise," he added, ticking off some of history's biggest malware attacks.

Downadup -- which also goes by the name "Conficker" -- exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. Although Microsoft fixed the flaw with one of its rare "out of cycle" updates in late October, about a third of all PCs have not yet been patched, according to Qualys Inc., another security company. Those PCs are the ones being hijacked by the worm.

In his Friday blog post, F-Secure's Koivunen also provided some background on the company's estimate, in part because some people had expressed disbelief in the number. According to Koivunen, F-Secure came to its 8.9 million-machine estimate by spying on the worm's communication with hacker-controlled servers.

Once it's gotten onto a PC, Downadup generates a list of possible domains, selects one, then uses that URL to reach a malicious server from which it downloads additional malware to install on the hijacked computer. F-Secure, however, has registered some of those domains, and has been able to monitor traffic through those URLs.

By examining logs of connection attempts to the domains, F-Secure discovered several hundred thousand different IP addresses -- over 350,000 as of today -- as well as a counter embedded in each that spells out the number of additional PCs that the infected machine has compromised.

"So this number tells us how many other computers this machine has exploited since it was last restarted," explained Koivunen. A sample log provided by F-Secure showed 12 Downadup-infected PCs, which collectively had infected 186 additional systems. Just one of the originally infected computers successfully attacked 116 other machines.

"We wrote a program that parses the logs, extracting the highest value for the IP/User-Agent pairs ... then added together to get our figures," said Koivunen. "As you can see now, they are very conservative."

Earlier this week, the already-high number of Downadup infections prompted Microsoft to add detection for the worm to its Malicious Software Removal Tool (MSRT), the anti-malware utility that the company updates and redistributes each month to Windows machines. Microsoft released the latest edition of the MSRT with anti-Downadup capabilities last Tuesday.

Like other security researchers, those from Microsoft have put some of the blame on users slow to patch their PCs. "Either Security Update MS08-067 was not installed at all or was not installed on all the computers," a pair of security researchers who work at Microsoft said Tuesday.

Microsoft has recommended that Windows users install the emergency update, then run the January edition of the MSRT to scrub the worm from compromised computers.

sumber:http://www.computerworld.com

Itu tadi sekilas artikel dalam B.Inggris yang aku temukan di emailku.
Dari yang saya tangkap setelah membacanya*Sok tau mode on* adalah ada virus worm yang disebut Downadup atau "Conficker" yang telah menginfeksi jutaan PC, efek dari virus ini ada di paragraf yang miring(Susah ngartiinnya) dan menurut peneliti salah satu penyebabnya karena pemilik PC lambat dalam menge-patch(dulu kayaknya pernah dengar tapi sekarang aku lupa artinya atau lebih tepatnya gak tau..hehe) PCnya.Dan cara mengatasinya ada di 4 paragraf terakhir dan di paragraf terakhir adalah rekomendasi dari microsoft untuk para pengguna windows.

Aku tidak bisa membayangkan bila ada 9 juta PC/laptop di Indonesia terinfeksi virus lokal(dalam artian cara mengatasinya susah dan tidak bisa diinstal ulang), siapa yang mau benerin ya??berapa banyak peneliti keamanan atau komputer di Indonesia yang seahli diluar negeri??



Silahkan Di Baca Juga



8 comments:

www.katobengke.com said...

walau aq kagak paham tentang artikelnya karna dalam bentuk bahasa asing....
tapi ntar aq translate ajah...
heheheh........

arqu3fiq said...

Wah hebat dapat ilmu banyak dari intenet. Ilmu tidak akan habis di makan jaman.

Frenavit Putra said...

Ehm... Tapi bukannya setiap masalah itu pasti ada jalan keluarnya???

Just Bryan said...

@katobengke: Monggo di translate
@arqu3fiq: Ilmu memang hebat..hidup ilmu..
@Frenavit: Memang bner sih, tapi aku masih ngrasa banyak masalah yg belum ditemuin jalan keluarnya..

a said...

ambil kamus mode 'on'

ternyata harus rajin nge Patch juga ya...

aR_eRos said...

*muter-muter cari kamus*
bahasa mana sih ini ?

kacrut said...

boleh sumbang saran gak??

templet mu aboot banget..

kayaknya latar belakangnya kagak usah dah.. lagian gak keliatan ini kan?? ketumpuk sama putih2..

sumpah uanteb.. nggarai males buka belog mu opo maneh komeng..!!!

Just Bryan said...

@a : Iya, tu katanya microsoft..
@Eros : B.Inggris ros..*dasar katrok*
@Kacrut : Maaf..maaf..tapi kalo saya ngenet di server warnet gak terlalu lmbat..
Terima kasih kritik dan sarannya, sudah saya perbaiki sedikit..
@All: Ternyata duluan postingan saya daripada jawapos(Metropolis-Techno/20-01-09)..hehehe

Silahkan Berkomentar

Saya sangat menghargai apapun bentuk komentarnya selama bukan SPAM dan tidak menyinggung SARA..hehehe
Bagi yang meninggalkan jejak disini mari tukeran link..

Blogilicious de Surabaya