As the Worm Turns …

John Murrell writes: After the big build-up it’s gotten, if the massive botnet assembled by the Conficker worm
doesn’t do something on Wednesday that snarls Internet traffic, crushes
key sites with targeted attacks and siphons off whatever the recession
has left in millions of bank accounts, it’s going to be the biggest
tech anticlimax since the Millennium Bug. When a malware threat makes
it into a mainstream spotlight like a “60 Minutes” report, as Conficker did Sunday, people start to expect big things.

Of course, what makes this worm a good hook for a story is that
nobody knows what to expect. In successively more sophisticated
iterations, Conficker has been spreading since November, infecting
machines mostly on corporate networks but in homes as well — but only
unpatched Windows machines, a point “60 Minutes” somehow forgot to mention.
By some estimates, the worm now has as many as 10 million computers at
its command, a minority implanted with the latest version, which
includes new defenses and peer-to-peer abilities. Public and private
security experts have banded into an ad hoc alliance known
as the Conficker Cabal to try to thwart the malware’s machinations, and
Microsoft posted a $250,000 bounty on the head of Conficker’s author.
There are indications in the code that come April 1, the infected
machines will start trying to reach one of 500 domains randomly
selected from 50,000 possibilities and … do something. And it’s that still hidden agenda that has people on edge.
Maybe the next instructions will be to download and activate some nasty
payload for data theft, spam generation or denial-of-service attacks.
Or maybe the command will be just to wait for further instructions. Or
maybe nothing new will happen at all — the zombie machines are already
checking a list of 250 domains for new updates as it is.

So how concerned do you need to be?
About infection — if you’re a Mac, Linux, or reasonably prudent Windows
user (i.e. you keep both your OS and your antivirus up to date), you
can relax; if you have doubts, run F-Secure’s Easy Clean
or something comparable. About Conficker doing something terrible to
the Internet on Wednesday — there’s nothing certain about that date,
and given that botnets are generally built as profit-making criminal
enterprises, breaking the Net would be counterproductive. About the skills
and goals of the people behind the worm — mmm, that’s still worth
worrying about. “They are using tactics that are probably the most
complex and sophisticated botnet tactics we’ve seen to date,” said Paul
Ferguson, an advanced-threats researcher for Trend Micro. “This is very
professionally architected design and development.” (04/01/09)