Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Pirated Windows XP in Malaysia blamed for increase of Conficker threats

AvantiKumar | Oct. 30, 2013
F-Secure's latest threat report shows that more than 20,000 attacks related to the WIN32/Downadup worm are linked to pirated versions of Windows XP and legacy systems.

1 F-Secure - Su Gim modified 

Photo - Goh Su Sim. Security Advisor, F-Secure Malaysia


F-Secure's latest threat report included more than 20,000 instances of attacks in Malaysia between January and September 2013 relating to the WIN32/Downadup (aka Conficker) worm may be linked to the prevalence of pirated unpatched versions of Windows XP operating system and legacy systems, said the security firm.

"This five-year-old virus [Conficker], which spreads through the Windows system, is still prevalent today and affects older platforms, especially Windows XP systems that are unpatched," said F-Secure Malaysia security advisor, Goh Su Sim.

"This involves two factors: one, pirated versions of Windows XP are widely available in Malaysia," Goh said. "Of course, when you use non-original versions, you most likely cannot connect to the latest updates to update your system and this can result in your system being vulnerable to attacks. Two, there are a lot of legacy applications running, for example in banks, which prevent OS upgrades."

In Malaysia, the most infected locations are Kajang, Kuala Lumpur and Batu Caves, he said.

While the worm is known to wreak havoc on the OS, Goh said that the solution was relatively simple, and that is to patch systems to avoid potential disasters.

"Microsoft issued a patch for the threat in 2008 when they detected the vulnerability in their software," he said. "Unfortunately, a lot of IT administrators and personnel here are not doing enough patching to keep their servers or systems up to date. Hackers are quick to take advantage of these loopholes. It's like having a door with a lock that doesn't work, and you know it's not been working for the past five years, but you haven't done anything to fix it."

Goh said as well as updating the patches, another recommendation is to minimise the attack surface. "For example, because of the high vulnerability of Java plug-ins, users are recommended to disable or uninstall Java if we do not use it, as not all programs require Java to run."
Android and increasing mobile threats

Goh Su Sim said the report also showed that mobile malware in Malaysia was increasing especially due to the Android platform. "The number of Android malware has doubled each year since 2011, and about 77 percent of the new mobile malware is profit-motivated."

He said hackers are starting to turn their focus to mobile devices as there is now money to be made hacking smartphones as well. "This reflects the speed of which people have started adopting Android platforms and in tandem, how fast viruses are being written for them. It's not so much about which platform is safer, rather, because more than 70 percent of the market is now made up of Android users, hackers tend to focus on the larger share of the pie."

Goh said 358 new families and variants of Android malware were discovered by F-Secure Labs in the first half of 2013, nearly doubling the total number of malware the Labs has ever discovered, to 793. Symbian followed with 16 new families and variants discovered, while no new families or variants were discovered on other mobile platforms.
About 77 percent, of the new malware for smartphones has been found to be profit-motivated, he said. "Malaysian mobile users are hit by potentially unwanted applications such as adware and money-stealing viruses known as premium SMS malware. Your smartphone today contains more information than your PC - it knows your lifestyle and habits, and marketing companies love this information. There are viruses that track all your information and sell it to marketing companies," he said.

Note: F-Secure Labs focuses on counting the numbers of families and variants of malware rather than the number of unique samples. To attempt to avoid detection of their malware, cyber criminals use automation that makes slight changes to malware code - resulting in new malware samples that are fundamentally still the same malware family or variant. Counting families and variants rather than samples provides a more realistic measurement of threats.


Sign up for CIO Asia eNewsletters.