Conficker: Doomsday, or the World's Longest Rickroll?
When it comes to criminal hackers, establishing motive is usually a no-brainer: In a majority of cases, computer worms and viruses are little more than tools that bad guys use to make money. But every so often, a prolific and sophisticated worm or virus emerges that isn't so obviously connected to a financial scheme.
Almost every time this happens, people start to get nervous and spin wild theories about the threat, until the hype surrounding said threat starts to reach a fever pitch. This is exactly what's happening with the latest version of the worm dubbed "Conficker," a contagion that has infected millions of PCs worldwide.
Computers already infected by the worm are supposed to be automatically updated with some unknown software component on April Fools Day. That's more or less the sum of what computer experts know about the rhyme or reason behind this worm, but it hasn't stopped pundits and the press alike from issuing ominous warnings.
The Sun, in London, blares: "MILLIONS of computers around the world could go into meltdown on April 1 because of a deadly virus. The Windows worm called Conficker could give a hacker unrestricted access to every infected machine on the planet."
The take from Canada's The Globe and Mail begins ominously: "Deep within the World Wide Web, there is an undercurrent of potential chaos building - a malicious piece of code that has already prompted the French military to ground some fighter planes."
I think part of what's fueling the sense of dread and uncertainty around Conficker is that the latest version seeks to avoid barriers erected earlier this year in a bid to defeat the spread of the worm. For example, the last version of the worm -- Conficker.b -- told infected systems to visit one of 250 new Web sites each day to try to download an unknown secondary component.
That second-stage download never happened because the security community came together in an extraordinary and unprecedented effort to temporarily set aside the domains being sought by the Conficker botnet. The Conficker Cabal as it came to be called, also had to win the cooperation of several sovereign nations, since many of the domains were created in country-code domains controlled by those nations, such as China's dot-cn and Western Samoa's dot-ws.
In response, the worm's authors upped the ante by shipping Conficker.c, which increased the number of download domains to 50,000, and the number possible country-code domains in which those Web site names could be registered to 110.
You would hardly know it from the press reports so far, but the Conficker Cabal has not been sitting idly by in the face of this new threat. According to Cabal member Rick Wesson, chief executive at San Francisco based security firm Support Intelligence, the group has managed to engage all but one of those countries so far -- the Republic of the Congo.
Wesson said the group's efforts are ongoing but already bearing fruit.
"It's going surprisingly well," he said. "Many countries have already implemented mechanisms to prevent the registration of Conficker domains."
Security software maker F-Secure has put together an interesting and entertaining FAQ on Conficker, which I highly recommend that anyone worried about this threat go read. F-Secure also has a free cleaning tool available at that link. Byron Acohido at USA Today has compiled a very readable timeline of notable events in Conficker's brief history.
What I find most fascinating about Conficker is that its real legacy may well turn out to be beneficent. To date, there really hasn't been a threat that has given countries on opposite ends of the globe a unifying, urgent reason to work against a single Internet menace. Yet, due to the work of the Conficker Cabal and affected parties, that is starting to change.
"We're literally relying on people in Latvia to protect computer networks in Brazil, and the other way around, too, so each country has some capability and some responsibility once they understand the role they can play here," Wesson said. "No matter what happens with Conficker, it's created something here....a beautiful opportunity to bring cyber security to the kitchen table."
March 27, 2009; 7:40 AM ET
Categories: From the Bunker , Latest Warnings , Safety Tips
Save & Share: Previous: Hacked File-Upload Accounts Prized by E-Jihadis
Next: Happy 4th Birthday, Security Fix
Posted by: anonymousk104 | March 27, 2009 8:31 AM | Report abuse
Posted by: XanderB | March 27, 2009 8:37 AM | Report abuse
Posted by: johnfranks999 | March 27, 2009 10:06 AM | Report abuse
Posted by: XanderB | March 27, 2009 11:29 AM | Report abuse
Posted by: ThomasWhitney | March 27, 2009 1:43 PM | Report abuse
Posted by: BTKrebs | March 27, 2009 2:03 PM | Report abuse
Posted by: stephendavis87 | March 27, 2009 6:09 PM | Report abuse
Posted by: BTKrebs | March 27, 2009 8:14 PM | Report abuse
Posted by: stukushner | March 30, 2009 12:30 AM | Report abuse
Posted by: Rixstep | March 30, 2009 2:50 AM | Report abuse
Posted by: Rixstep | March 30, 2009 2:51 AM | Report abuse
Posted by: RogParish | March 30, 2009 8:48 AM | Report abuse
Posted by: pinfinity | March 31, 2009 8:35 AM | Report abuse
Posted by: 0commonsense | March 31, 2009 6:32 PM | Report abuse
Posted by: Rixstep | April 1, 2009 1:56 AM | Report abuse
Posted by: Rixstep | April 1, 2009 2:22 AM | Report abuse
Posted by: Rixstep | April 1, 2009 2:24 AM | Report abuse
Posted by: Rixstep | April 1, 2009 2:27 AM | Report abuse
Posted by: 0commonsense | April 1, 2009 8:48 PM | Report abuse
The comments to this entry are closed.