Fighting Conficker

I have mentioned several times that Conficker is considered the most dangerous virus to date.

The Atlantic Monthly magazine has a great article titled The Enemy Within on the history of Conficker and where we are now. It’s a fascinating read for both technical security buffs and non-techies.

It starts:

The Enemy Within by Mark Bowden

When the Conficker computer “worm” was unleashed on the world in November 2008, cyber-security experts didn’t know what to make of it. It infiltrated millions of computers around the globe. It constantly checks in with its unknown creators. It uses an encryption code so sophisticated that only a very few people could have deployed it. For the first time ever, the cyber-security elites of the world have joined forces in a high-tech game of cops and robbers, trying to find Conficker’s creators and defeat them. The cops are failing. And now the worm lies there, waiting …

Image credit: Alex Ostroy

Conficker Arrives

Is it time to buy those boxes of ammo and head for the hills? We’ll see.

This Wednesday, April 1st, the Conficker worm will do something. No one knows what. But it has security experts up late. It is believed that at one point Conficker was on 6% of the world’s PCs. This has been reduced dramatically by the work of Microsoft in issuing special patches for the worm. But hundreds of thousands of PCs are still estimated to be infected.

Early this month, Symantec’s security researchers began noticing that the worm was changing to evade efforts to cut its links with its hacker controllers. The first versions of the worm generated a list of 250 possible domains each day that could be used to route instructions from hackers. The new edition uses a list of 50,000 URLs in order to overwhelm security researchers.

Typically, hackers use large botnets of computers to commit distributed denial of service (DDoS) attacks against websites. The hackers will demand that large websites pay them in order to be spared.

If you are worried about your computers or those of people you love, you can read Microsoft’s alert and my earlier post on how to prevent and remove the virus.

Down & Up Worm Worst Ever

Over the last few months, the “Down and Up” worm, also known as “Conficker”, has infected an estimated 6% of all PCs worldwide. The concern is what the authors will now do with all these compromised systems. They could ask for credit card information as the bogus Antivirus 2009 does. They could use the computers to attack and demand money from websites through denial of service (DoS) attacks. No one knows yet what the intentions of the authors are.

It is considered the most professional and pernicious worm attack that researchers have yet seen. It affects all versions of Windows. As a worm, it does not require any user action for the computer to be compromised. The machine only has to be missing recent patches.

Download the Malicious Software Removal Tool (also available in Windows Updates) in order to protect your computer or to possibly get rid of the worm (most people who have it do not know). Then you can feel comfortable that your computer is owned by you and not by the bad guys.