The Conficker worm has supposedly already infected millions of PCs around the world and it has plenty of people worried what exactly it is up to. What is known is that the next scheduled "update" for the worm is ironically enough, April Fools’ Day. Look at that, malicious hackers with a sense of humor. Apparently though, Microsoft is not seeing any humor in the situation, given that they offered up a $250,000 bounty for the creator.
What is the Conficker worm?
The Conficker worm gets its name from a combination of two words—"configuration" and the "nicer" way of saying f**ker. How clever. And it seems as though it may just fit its namesake.
It is amazingly sophisticated and resilient. It has built-in p2p and digital code-signing technology, and it apparently is happiest killing security software. Friendly little bugger, huh? Pretty easy to see why Microsoft hates it so much.
The thing is, Conficker isn’t even a new worm. It started out, according to Vincent Weafer, VP at Symantec Security Response, as a "not very successful worm" way back in November. It attacked and exploited a remote server vulnerability in Microsoft’s software, but since this specific vulnerability had already been disclosed and patched, only systems that were not up to date were affected.
Conficker: The B and C revisions
But, it didn’t stop there. Next came the B release, which was a whole lot more successful. It went and infected millions of unpatched systems. Because of its p2p abilities, it pushes its way into open shared folders and printers, so it can zoom easily through a networked system. What makes it more threatening is that it also piggybacks onto USB flash and hard drives. It is designed to fight back, disabling Windows Updates, and destroying security software. It gets in deep.
Last month saw its latest launch, the C release. It goes after computers already infected with B, not new machines. The p2p abilities are extended, and now we have digital code-signing: it only accepts update code signed by its own author, so a neutralizing payload can’t simply be injected into the botnet. It also got better at killing off security software. And the number of domains it attempts to contact for instructions jumped from 250 to 50,000 per day. So, at this point, security experts’ hands are kind of tied when it comes to stopping it. It looks as though April 1 will be the day it receives its next commands.
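A defender-side detection sketch, added here and not part of the original article, for the rendezvous-domain behaviour described above: a host that tries to resolve tens of thousands of generated names a day leaves a burst of NXDOMAIN answers across many TLDs in resolver logs, which a simple per-host count can surface. The log format, the thresholds and the sample log are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Assumed resolver log format (constructed for this example):
# "<timestamp> <client_ip> <queried_name> <rcode>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_dns_log(text):
    """Yield (timestamp, client, name, rcode) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groups()

def flag_rendezvous_lookups(text, nx_threshold=50, tld_spread=3):
    """Return {client: distinct_nxdomain_count} for hosts that resolved many
    distinct unregistered names spread over several TLDs in this log window.
    Thresholds are illustrative assumptions; tune them to your network."""
    nx_names, nx_tlds = defaultdict(set), defaultdict(set)
    for _ts, client, name, rcode in parse_dns_log(text):
        if rcode != "NXDOMAIN":
            continue
        name = name.lower().rstrip(".")
        nx_names[client].add(name)
        nx_tlds[client].add(name.rsplit(".", 1)[-1])
    return {c: len(n) for c, n in nx_names.items()
            if len(n) >= nx_threshold and len(nx_tlds[c]) >= tld_spread}

def build_sample_log():
    """Constructed sample: host 10.0.0.9 probes 60 made-up names over four
    TLDs (all NXDOMAIN); host 10.0.0.5 has normal traffic plus two typos.
    The filler names are NOT produced by Conficker's real algorithm."""
    tlds = ["com", "net", "org", "info"]
    lines = []
    for i in range(60):
        # first two letters encode i, so every label is distinct by construction
        label = chr(97 + i % 26) + chr(97 + i // 26)
        label += "".join(chr(97 + (i * 31 + k * 17 + k * k * i) % 26) for k in range(6))
        lines.append(f"2009-03-31T00:00:{i:02d} 10.0.0.9 {label}.{tlds[i % 4]} NXDOMAIN")
    lines += [
        "2009-03-31T00:01:00 10.0.0.5 www.example.com NOERROR",
        "2009-03-31T00:01:01 10.0.0.5 mail.example.com NOERROR",
        "2009-03-31T00:01:02 10.0.0.5 wwww.example.com NXDOMAIN",
        "2009-03-31T00:01:03 10.0.0.5 exmaple.com NXDOMAIN",
        "2009-03-31T00:01:04 10.0.0.5 intranet.example.com NOERROR",
    ]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    for client, count in flag_rendezvous_lookups(build_sample_log()).items():
        print(f"{client}: {count} distinct NXDOMAIN names; review for rendezvous-domain probing")
```

On real resolver logs the same counting applies per day, which is the window the article's 50,000-domain figure refers to.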
What is going to happen on April 1st?
And that is where all the hoopla comes in. What exactly are the instructions going to be? No one really knows. Some speculation has been that it will set up what is known as the "Dark Google" syndicate, which would let it scour "zombie machines" all over the place for data to sell. Other theories are the launch of a massive denial-of-service attack, or the generation of waves of spam that could crash servers all over the place.
A main theory is that it is a kind of "computer for hire" scheme. Previous botnets were designed so they could be split up and rented out through black market schemes, according to security researchers. But researchers think it may imitate the biggest fad in the computer industry right now—cloud computing. With this, companies sell computing as a service over the Net.
Some theorize, however, that it may be absolutely nothing. But Weafer states "you can bet" that other malware writers have their eye on it all, watching to see his level of success, because his results could clearly show others the path to developing a similar threat and attack, which could be taken in wicked directions.
Stay patched
Microsoft Report’s Ed Bott says if your system is patched and up to date, you will probably be just fine. (probably?) And while there is the off chance that April 1st will cause computers to self-destruct, there is a much higher chance you will just see a bunch of spam for Viagra in your inbox.
Source:
Conficker Worm