News
News spotlights:
Business | Digital audio | Gadgets | Games | Green computing | Home entertainment | Internet & broadband | Laptops | Linux | Macs | PC Peripherals & components | PC security | PCs & laptops | Mobile phones | Digital photography & video | Software | Wi-Fi & networking
News by company:
AMD | Apple | BT | Dell | Google | HP | Intel | Microsoft | Nvidia | Sony
News by product:
Windows XP | Windows Vista | Windows 7 | Apple iPhone | BlackBerry
April 1, 2009
Conficker activation passes quietly, but threat remains
Researchers say we're not out of the woods
An expected activation of the Conficker.c worm at midnight on April 1 passed without incident, despite sensationalised fears that the internet itself might be affected, but security researchers said users aren't out of the woods yet.
"These guys have no designs, I think, on taking down the infrastructure, because that would separate them from their victims," said Paul Ferguson, a threat researcher at antivirus vendor Trend Micro, calling the technology and design of Conficker.c as "pretty much state of the art".
"They want to keep the infrastructure up and in place to make it much harder for good guys to counter and mitigate what they've orchestrated," he said.
Conficker.c was programmed to establish a link from infected host computers with command-and-control servers at midnight GMT on April 1. To reach these control servers, Conficker.c generates a list of 50,000 domain names and then selects 500 domain names to contact. That process has started, researchers said.
Exactly how many computers are infected with Conficker.c is not yet known, but the estimated number of systems infected by all variants of the Conficker worm exceeds 10 million, making this one of the largest botnets ever seen.
While infected computers have started reaching out to command servers as expected, nothing untoward has happened.
"We have observed that Conficker is reaching out, but so far none of the servers they are trying to reach are serving any new malware or any new commands," said Toralv Dirro, a security strategist at McAfee Avert Labs, in Germany.
This may just mean the people who control Conficker are biding their time, waiting for researchers and IT managers to relax their guard and assume the worst is over.
"It would be pretty stupid for the guys running Conficker to use the first possible opportunity, when everybody is very excited about it and looking at it very carefully," Dirro said. "If something was going to happen, it would probably happen in a couple of days."
Time is not on Conficker's side. The worm can be easily detected and removed by users. For example, if a PC is unable to reach websites such as McAfee.com, Microsoft.com, or Trendmicro.com that is an indication that the computer may be infected.
In addition, IT managers can easily spot traffic coming from odd domain names and block access to the computers on their company networks. "The longer criminals wait, the less infected hosts they've got," Dirro said.
Additional help comes from a loose coalition of security vendors and others called the Conficker Working Group, which has banded together to block access to domains that Conficker is trying to communicate with. But it's not immediately clear whether those efforts, which have been successful at blocking earlier versions of the worm, will be effective against the activation of Conficker.c.
"We can't really say how successful the attempts at blocking them or not routing them are," Dirro said. "That's something we'll see when the first domain actually starts serving malware, if at least one starts doing that."
Despite the uneventful passing of the activation deadline, the threat presented by Conficker remains real.
"These guys are very sophisticated, very professional, very determined and very measured in how they implement and make changes to things," Ferguson said, adding that Conficker.c is better defended and more survivable than previous versions of the worm. "This activation on April 1 was probably just arbitrary and picked to cause hysteria."
At some point, the people behind Conficker.c could try to generate revenue from the botnet they've created or they could have other intentions.
"The big mystery is that there's this big loaded gun out there, this network of millions of machines that's under the control of persons unknown," Ferguson said. "They've given no indication of what their motives are other than toying with people."
See also:
Conficker's April 1 doomsday: Fact or Fiction?
<<newer story | back to index | older story>>
Submit to:
Reddit
Subscribe to PC Advisor now and claim your FREE gift
Recent reviews
- LG Chocolate BL40 review
- Dell Mini 3i review
- Samsung N510 review
- Canon Selphy CP790 review
- Canon Selphy CP790 review
- Alienware OptX AW2210 review
- Microsoft Office 2010 Web Apps review
- Microsoft Office 2010 Web Apps review
- Microsoft Office 2010 Web Apps review
- HP Photosmart A646 review
Latest reader comments
- I have written a comprehensive solution to removing the iKee virus. I have tried it out on my...
- Nothing new here - why persist with these funny little blogs/diaries.
- Steve Ballmer alone is enough to put you off any Windows products.
- @Mike74 Are you a mac guy? lol
- instant messaging sucks and is so informal.
Top news
- Analysis: the two fatal flaws in Google Chrome OS
- 10 technologies we'll miss when they're gone
- 10 technology upgrades that went badly wrong
- How to choose the right version of Windows 7
- In pictures: the Motorola Droid
Latest blog entries
- PC Advisor's winter photo competition
- Why Google Chrome OS is bad for business
- 5 things to love about Office 2010 beta
- 9 things I hate about laptops
- Why I hate Microsoft Office 2010
Sponsored Content
-
Take the internet to new places with the Nokia N800
Communicate how you want to, where you want to with instant messaging, email and internet calling. View movies, browse the internet wirelessly and watch TV on the high-resolution screen and listen through high-quality stereo speakers with headphone jack.
Buy now
Latest technology news:
Sponsored links
-
Visit the NGA Speed Conference
There's only one way to discuss next-generation internet access at high speed Visit the NGA Speed Conference for free video talks on the future of broadband and business. -
Get hands on with the BlackBerry Storm2, and win a BlackBerry smartphone!
Visit PC Advisor's BlackBerry Advisor to use our unique virtual Storm2 smartphone, and for your chance to win a BlackBerry Curve 8520. -
Custom built PCs
Visit our website to see our full range of custom-built PCs. Customise any specification and have the order dispatched the next working day. A massive range of PCs - from £250 to £1,000-plus - and a full list of low-cost components are available.
About PC Advisor | Privacy policy | Media information | Site map | Contact | About IDG
All contents ©IDG 2009 | webmaster@pcadvisor.co.uk
Comments received
Rob said on Thursday, 02 April 2009
I hope these assholes end up inside for the amount of distress they will cause 'ordinary' users and the potential damage they may cause and cost of the efforts of the 'good guys' are putting in to detect them!
fred said on Thursday, 02 April 2009
Don't set the law on these people just release their names and addresses to the world.
Voyager2615 said on Thursday, 02 April 2009
May be just Trying To Put The fear Into Uses and No
More That hopeing To cause panic WorldWide Or A
Timebomb Waiting For a Command Only Time Will tell
artleyb said on Thursday, 02 April 2009
Hasn't anybody noticed that the chosen date was April 1st - repeat April 1st? How many red faces are there?
aliriza said on Saturday, 04 April 2009
key