Conficker Attacks 700 University of Utah PCs

Conficker attacked more than 700 computers at the University of Utah, including computers at three of the school's hospitals. The Conficker worm has been attacking the Web with malware and attempting to lure users into downloading fake anti-virus software. Meanwhile, a Twitter worm is also wrecking havoc online.

The dreaded Conficker worm made an appearance at the University of Utah heading into the weekend, attaching more than 700 computers and spreading its malware to the university's three hospitals.

A spokesperson for the university insisted that patient records remain unaffected. According to a report by the Associated Press, campus IT cut off online access for up to 6 hours on April 10, in a bid to isolate Conficker before it could cause further damage.

Conficker was first detected on campus on Thursday, April 9. In addition to infecting hospital computers, Conficker also infiltrated systems in the medical school and the colleges of nursing, pharmacy and health.

Administrators had informed staff and students on the best practices for scrubbing Conficker from computers and auxiliary devices such as smartphones.

The updated version of the Conficker worm continues to wreak havoc worldwide, both by downloading malware connected to the Waledac botnet and attempting to lure users into downloading fake anti-virus software.

On April 9, eWEEK reported that Conficker had been observed downloading a file detected by Kaspersky Lab as FraudTool.Win32.SpywareProtect2009.s. Upon running the file, the user is asked to pay $49.95 to remove the "detected threat."

The Waledac malware, once downloaded by Conficker, steals passwords and converts users' systems into spamming bots.

Although expected to launch its attacks on April 1, Conficker decided to wait roughly a week before spreading its payload via peer-to-peer between infected computers.

Also in malware news, Twitter was infected by a worm over the weekend that caused user accounts to generate a spam message reading "Mikeyy." According to reports, the worm was created by 17-year-old Mike Mooney "out of boredom."

The worm began its rounds at 2 a.m. on April 11 from four accounts, before expanding to 100 accounts and sending nearly 10,000 spam "tweets" by the afternoon of April 12. The infected accounts had been secured, according to the company.

Twitter co-founder Biz Stone suggested there will be repercussions against the worm's creator, citing a MySpace precedent.

"The worm introduced to Twitter this weekend was similar to the famous Samy worm which spread across the popular MySpace social-networking site a while back," Stone wrote in an April 12 corporate blog post. "At that time, MySpace filed a lawsuit against the virus creator, which resulted in a felony charge and sentencing. Twitter takes security very seriously, and we will be following up on all fronts."

Stone also emphasized that "no passwords, phone numbers or other sensitive information was compromised as part of these attacks."