Network News

X My Profile
View More Activity

Conficker: Doomsday, or the World's Longest Rickroll?

When it comes to criminal hackers, establishing motive is usually a no-brainer: In a majority of cases, computer worms and viruses are little more than tools that bad guys use to make money. But every so often, a prolific and sophisticated worm or virus emerges that isn't so obviously connected to a financial scheme.

Almost every time this happens, people start to get nervous and spin wild theories about the threat, until the hype surrounding said threat starts to reach a fever pitch. This is exactly what's happening with the latest version of the worm dubbed "Conficker," a contagion that has infected millions of PCs worldwide.

Computers already infected by the worm are supposed to be automatically updated with some unknown software component on April Fools Day. That's more or less the sum of what computer experts know about the rhyme or reason behind this worm, but it hasn't stopped pundits and the press alike from issuing ominous warnings.

The Sun, in London, blares: "MILLIONS of computers around the world could go into meltdown on April 1 because of a deadly virus. The Windows worm called Conficker could give a hacker unrestricted access to every infected machine on the planet."

The take from Canada's The Globe and Mail begins ominously: "Deep within the World Wide Web, there is an undercurrent of potential chaos building - a malicious piece of code that has already prompted the French military to ground some fighter planes."

I think part of what's fueling the sense of dread and uncertainty around Conficker is that the latest version seeks to avoid barriers erected earlier this year in a bid to defeat the spread of the worm. For example, the last version of the worm -- Conficker.b -- told infected systems to visit one of 250 new Web sites each day to try to download an unknown secondary component.

That second-stage download never happened because the security community came together in an extraordinary and unprecedented effort to temporarily set aside the domains being sought by the Conficker botnet. The Conficker Cabal as it came to be called, also had to win the cooperation of several sovereign nations, since many of the domains were created in country-code domains controlled by those nations, such as China's dot-cn and Western Samoa's dot-ws.

In response, the worm's authors upped the ante by shipping Conficker.c, which increased the number of download domains to 50,000, and the number possible country-code domains in which those Web site names could be registered to 110.

You would hardly know it from the press reports so far, but the Conficker Cabal has not been sitting idly by in the face of this new threat. According to Cabal member Rick Wesson, chief executive at San Francisco based security firm Support Intelligence, the group has managed to engage all but one of those countries so far -- the Republic of the Congo.

Wesson said the group's efforts are ongoing but already bearing fruit.

"It's going surprisingly well," he said. "Many countries have already implemented mechanisms to prevent the registration of Conficker domains."

Security software maker F-Secure has put together an interesting and entertaining FAQ on Conficker, which I highly recommend that anyone worried about this threat go read. F-Secure also has a free cleaning tool available at that link. Byron Acohido at USA Today has compiled a very readable timeline of notable events in Conficker's brief history.

What I find most fascinating about Conficker is that its real legacy may well turn out to be beneficent. To date, there really hasn't been a threat that has given countries on opposite ends of the globe a unifying, urgent reason to work against a single Internet menace. Yet, due to the work of the Conficker Cabal and affected parties, that is starting to change.

"We're literally relying on people in Latvia to protect computer networks in Brazil, and the other way around, too, so each country has some capability and some responsibility once they understand the role they can play here," Wesson said. "No matter what happens with Conficker, it's created something here....a beautiful opportunity to bring cyber security to the kitchen table."

By Brian Krebs  |  March 27, 2009; 7:40 AM ET
Categories:  From the Bunker , Latest Warnings , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Hacked File-Upload Accounts Prized by E-Jihadis
Next: Happy 4th Birthday, Security Fix


Posted by: anonymousk104 | March 27, 2009 8:31 AM | Report abuse

I will laugh if nothing happens on April 1st other than a desktop wallpaper that says "April Fools from Conficker!".

Posted by: XanderB | March 27, 2009 8:37 AM | Report abuse

I'd exercise caution, update my protections and keep in mind: The bigger the system, the harder the fall. Most companies enjoy “security” insofar as they haven’t been targeted, or had an employee make a human error with catastrophic exposure (whether exposing sensitive data, or exposing the company to malware, etc.). Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and malicious harm are due to a lagging business culture – absent new eCulture, breaches will, and continue to, increase. As CIO, I’m constantly seeking things that work, in hopes that good ideas make their way back to me - check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.

Posted by: johnfranks999 | March 27, 2009 10:06 AM | Report abuse

Very true johnfranks999, no amount of security features can overcome human error.

Posted by: XanderB | March 27, 2009 11:29 AM | Report abuse

Here is an educational site that outlines some of the more important aspects of digital security:

I think the point that has already been made here is that the threat is out there and it's a process to try to combat it at all times.

Posted by: ThomasWhitney | March 27, 2009 1:43 PM | Report abuse

Thomas -- Please stop using these comments to promote your blog. Thanks.

Posted by: BTKrebs | March 27, 2009 2:03 PM | Report abuse

I thought if you had Conficker you would be blocked from the F-secure site, so what good is a cleaning tool on a blocked site.

Posted by: stephendavis87 | March 27, 2009 6:09 PM | Report abuse

they can go to instead

Q: Now I'm worried. How do I know if I'm infected?
A: Try to surf to If you can't reach our website you might be infected, as Downadup/Conficker blocks access to security vendor's websites. Don't tell anybody, but users who can't access because of this can surf to instead.

Posted by: BTKrebs | March 27, 2009 8:14 PM | Report abuse

It is a never-ending battle. I find it interesting that security holes and threats are not usually a big problem until AFTER the media reports on them. That triggers a swell in hacker interest and a scramble by the application vendors to plug the hole. So, sometimes, no publicity is best.

Stu Kushner

Posted by: stukushner | March 30, 2009 12:30 AM | Report abuse

If people wanted to use caution they wouldn't be on Windows in the first place.

Posted by: Rixstep | March 30, 2009 2:50 AM | Report abuse

It is not a never ending battle. Or at least not the one you think. All you have to do is get off Windows. The only battle of interest is convincing you to do it. The day the world leaves Windows - it's going to be a very quiet day.

Posted by: Rixstep | March 30, 2009 2:51 AM | Report abuse

It is rather simplistic, not to mention impractical, to suggest that the solution is to stop using Windows.

That is like saying the cure for automotive fatalities is to stop using cars. True, but highly impractical, if not impossible.

Posted by: RogParish | March 30, 2009 8:48 AM | Report abuse

It certainly is practical. We switched to Mac OS X, Ubuntu and Slitaz Linux and have no concerns over Conficker or any other Windows afflictions.

Posted by: pinfinity | March 31, 2009 8:35 AM | Report abuse

Actually, if everyone switched to Mac, so would the hackers. The only reason PC's get hit more often, is because the majority of the population uses them. I'm not saying a switch to Mac wouldn't work, just that if everyone did it, it wouldn't.

Posted by: 0commonsense | March 31, 2009 6:32 PM | Report abuse

Even if it's only a rickroll it's still a bloody nuisance.

Posted by: Rixstep | April 1, 2009 1:56 AM | Report abuse

I like the Sun article. It scares people. And that's good. They should be scared. Into action. Instead of laming around as lethargic as they normally are. Into action so they get away from Windows. This has gone on for almost ten years now and it's enough. Unix doesn't get hit. Period. And it never will. Windows will never be fixed. And both the GAO, Gartner, and about every conscionable security expert in the world have been trying to tell people so for the longest time. Perhaps the Sun article will actually get a few people to react. That's a Good Thing™.

Posted by: Rixstep | April 1, 2009 2:22 AM | Report abuse

Your street corner logic doesn't work in the realm of computer science. You know the old saying about keep your mouth closed and people can suspect you're a fool but when you open it... ? Try that.

Posted by: Rixstep | April 1, 2009 2:24 AM | Report abuse

Not true. That reverts to security through obscurity and that never works. The worms and trojans are one thing; the media hysteria is another; both are bad. But without such a dumb system connected to the Internet you'd have very little of either.

Posted by: Rixstep | April 1, 2009 2:27 AM | Report abuse

It's just plain ignorant to believe that your Macs are immune to malware. There are simply more malicious code writers attacking PCs than there are Macs, because more people use PCs than Macs.

Posted by: 0commonsense | April 1, 2009 8:48 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company