Australia and New Zealand Banking Group today confirmed it had become the victim of a computer virus attack, with sources saying it was the much-hyped Conficker worm.
I'd say there are a lot of Australian corporates that are infected.
Chris Gatford, Pure Hacking
"We have detected a known virus affecting some internal desktop services on the ANZ network," a spokesperson for the bank told ZDNet.com.au today, saying that the virus had been contained and there hadn't been any disruption to its business or implications for information security.
The spokesperson did not specify which virus had infected the bank's desktops, but ZDNet.com.au believes it is a variation of the Conficker worm.
Microsoft and Symantec are understood to have been asked to advise on the situation, which was said to have affected no customer facing machines, but Symantec declined to comment and Microsoft had not responded at the time of publication.
Conficker uses an exploit in Microsoft Windows or Microsoft Server to gain access to machines. It spreads by either sending out remote procedure calls to other machines or via external devices such as USB. There was widespread concern around the beginning of last month as the virus, which can download modified versions of itself, was set to mutate on 1 April.
Media and analysts were concerned that the virus might install new malware on the computers which could having varying purposes, from spamming other machines to stealing banking passwords. However, the disaster which had been predicted didn't occur until later.
Reports came out that one variation of Conficker had slowly became more active during the month after 1 April and was installing a virus called Waledac which sent out reams of spam; as well as installing a fake anti-spyware program called SpywareProtect 2009.
Chris Gatford, senior security consultant at penetration testing firm Pure Hacking said that there were many more dangerous viruses out there which the bank could have. He said that Conficker had only received so much attention because there were good tools to detect it.
He admitted that there had been angst due to uncertainty over what Conficker's creators were going to use it for and said that the viruses Conficker installed on infected machines were likely to continue to change. He also pointed out that the level of spam could rise.
"Bear in mind that the spam side of Conficker has so far been very low," he said, with machines sending around 10,000 spam mails a day. "That could change any time," he said, adding that they could conceivably send around 600,000 a day, which could cause serious network congestion.
As to the possibility of ANZ having contracted the virus, Gatford said he wouldn't be surprised. "I'd say there are a lot of Australian corporates that are infected," he said.