Wednesday, March 25, 2009

The Conficker Worm: April Fool’s Joke or Digital Armageddon?

The Conficker worm is scheduled to activate on April 1. Long-time readers will know that I have been warning you about this virus for a few months now: first on January 16, 2009 with the first virus alert, then again on February 14, 2009 when Microsoft announced the reward leading to the arrest and conviction of those responsible for the chaotic virus.

The remaining unanswered question is: Will it prove to be the world’s biggest April Fool’s joke or is this virus as bad as some experts believe it to be?

Conficker is a program that is spread by exploiting several weaknesses in Microsoft’s Windows operating system. Various versions of the software have spread widely around the world since October 2008, mostly outside the United States because there are more computers overseas running unpatched, pirated Windows. (The program does not infect Macintosh or Linux-based computers.)

An estimated 12 million or more machines have been infected. However, many have also been disinfected, so a precise census is difficult to obtain.

It is possible to detect and remove Conficker using commercial antivirus tools offered by many companies. However, the most recent version of the program has a significantly improved capacity to remove commercial antivirus software and to turn off Microsoft’s security update service. It can also block communications with Web services provided by security companies to update their products. It even systematically opens holes in firewalls in an effort to improve its communication with other infected computers.

Given the sophisticated nature of the worm, the question remains: What is the purpose of Conficker, which could possibly become the world’s most powerful parallel computer on April 1? That is when the worm will generate 50,000 domain names and systematically try to communicate with each one. The authors then need to register only one of those domain names in order to take control of the millions of zombie computers that have been created.
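The asymmetry above is what makes the scheme hard to block: defenders would have to pre-register or sinkhole all 50,000 names, while the authors need just one. What defenders can do is watch for the side effect of the scheme, which is an infected machine making bursts of failed lookups for names that look machine-generated. The script below is an added example, not code from the original post and not Conficker's actual domain algorithm; the log format, the sample lines, the IP addresses and the scoring thresholds are all constructed for illustration.

```python
"""Heuristic detector for DGA-style (generated-domain) lookups in DNS query logs.

Added example for this post. The log format, sample lines and thresholds are
constructed assumptions; the Conficker domain algorithm is not reproduced here.
"""
import math
from collections import Counter, defaultdict

# Constructed sample DNS log. Hypothetical format: "<timestamp> <client> <name> <rcode>"
SAMPLE_DNS_LOG = """\
2009-03-25T08:00:01 10.0.0.12 www.example.com NOERROR
2009-03-25T08:00:02 10.0.0.12 update.microsoft.com NOERROR
2009-03-25T08:00:02 10.0.0.12 gogle.com NXDOMAIN
2009-03-25T08:00:03 10.0.0.45 www.example.com NOERROR
2009-03-25T08:00:03 10.0.0.45 qxvrtkzmwp.biz NXDOMAIN
2009-03-25T08:00:03 10.0.0.45 plkmzzrwqv.info NXDOMAIN
2009-03-25T08:00:04 10.0.0.45 kzaqpvtmru.net NXDOMAIN
2009-03-25T08:00:04 10.0.0.45 hgtrkqpzxw.org NXDOMAIN
"""

VOWELS = set("aeiou")


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def vowel_ratio(text: str) -> float:
    """Fraction of characters that are vowels; generated labels tend to be vowel-poor."""
    if not text:
        return 0.0
    return sum(1 for ch in text if ch in VOWELS) / len(text)


def second_level_label(name: str) -> str:
    """Label immediately left of the TLD. Simplification: no public-suffix list,
    so 'foo.co.uk' yields 'co'; a real deployment would consult one."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(name: str, min_len: int = 8, min_entropy: float = 3.0,
                    max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic: a long, high-entropy, vowel-poor second-level label.
    Thresholds are constructed for this example, not tuned on real traffic."""
    label = second_level_label(name)
    return (len(label) >= min_len
            and shannon_entropy(label) >= min_entropy
            and vowel_ratio(label) <= max_vowel_ratio)


def parse_log(text: str):
    """Yield (timestamp, client, name, rcode) tuples from the constructed log format."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, client, name, rcode = line.split()
        yield ts, client, name, rcode


def flag_clients(text: str, threshold: int = 3) -> dict:
    """Return {client: count} for clients whose failed (NXDOMAIN) lookups of
    generated-looking names reach `threshold`. A single typo (gogle.com) does
    not count: it is short and resolves to NXDOMAIN only once."""
    hits = defaultdict(int)
    for _ts, client, name, rcode in parse_log(text):
        if rcode == "NXDOMAIN" and looks_generated(name):
            hits[client] += 1
    return {client: n for client, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for client, n in flag_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {n} failed lookups of generated-looking names")
```

On the constructed sample only 10.0.0.45 is flagged, with four failed lookups of random-looking names; 10.0.0.12's single NXDOMAIN for a typo is ignored because the label is short. Character-statistics heuristics like this do produce false positives on legitimately random-looking names (CDN and tracking hostnames, for instance), so the per-client count of failures is the signal to alert on, not any single lookup.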

Speculation about Conficker’s purpose ranges from the benign — an April Fool’s Day joke — to far darker notions. One likely possibility is that the program will be used in the “rent-a-rogue-computer” business, something that has been tried previously by the computer underground. Just as Amazon.com offers computing time on its network for rent, the Conficker team might rent access to its “network” for devious purposes like spamming.

The most intriguing clue about the purpose of Conficker lies in the intricate design of the peer-to-peer logic of the latest version of the program, which security researchers are still trying to completely decode.

According to a research addendum to be added Thursday to an earlier paper by researchers at SRI International, in the Conficker C version of the program, the infected computers can act both as clients and servers and share files in both directions. The peer-to-peer design is also highly distributed, making it extremely difficult for security teams to defeat the system by disabling so-called super-nodes.

Conficker’s authors could be planning to create a scheme like Freenet, the peer-to-peer system that was intended to make Internet censorship of documents impossible.

Or perhaps the Conficker botnet’s masters have something more Machiavellian in mind. One researcher, Stefan Savage, a computer scientist at the University of California at San Diego, has suggested the idea of a “Dark Google.” His theory: what if Conficker is intended to give the computer underworld the ability to search for data on all the infected computers around the globe and then sell the answers? Malware already does this on a focused basis using a variety of schemes that are referred to as “spear phishing,” in a reference to the widespread use of social engineering tricks on the Net.

But to do something like that on such a huge scale? That would be a dragnet — and a genuine horror story.

What's going to happen on April 1st 2009? Will most of the internet come crashing down? Will millions of computers be wiped out? Or is this like the so-called Millennium Bug? Lots of sizzle, very little steak... (oh great, now I'm hungry, should have had a bigger breakfast) We'll have to wait and see......

Hollywood couldn't write this script....

Thoughts? What do you think will happen a week from today?


2 comments:

Anonymous said...

Conficker is not the same as Y2K.

Y2K was a programming bug with some chance of causing damage.

Conficker is a malicious piece of software, which almost certainly will cause some damage. Good luck to all the people using Windows. No price differential between a Mac and a PC could possibly make up for this mess and worry.

DoubleDouble said...

The Y2K reference was an analogy.
