Friday, March 27, 2009

Conficker Worm's Fury unleashes on April 1, 2009

The Conficker Worm has been harassing computer network security administrators for months, ever since it climbed out of the internet underground sometime in 2008. It is about to get a fresh update on April 1, 2009, and security officials are bracing for the impact that the upgrade might have.

Before we get too far you should know what a worm is. Here are some definitions to put it into perspective.

Virus - a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.

Trojan Horse - a computer program that may be legitimate but has secondary illegitimate objectives. For instance, a computer program that lets you burn DVDs but also opens a backdoor on your computer to let a hacker get in and control it.

Worm - a self-replicating computer program. Unlike a virus, it does not need to attach itself to an existing program.

Though they sound similar, they are considerably different. Right now the Conficker worm is tearing through the internet and business computers like the sands of the desert planet Arrakis (Dune). It has infected as many as 10 million business computers, including high-profile networks such as the French Air Force, Royal Navy warships and submarines, the Sheffield hospital network, the UK Ministry of Defence, and the Norwegian police. It has also infected scores of individual users. A simple action such as using a USB drive on an infected computer and then using that same USB drive on another computer is enough to spread the infection.

The problem with the Conficker Worm is that it is ever evolving, meaning that it gets updates from its creator(s) periodically, so it's always one step ahead of the security "police". For instance, at one point (when the worm was first detected) Microsoft (MS) released a patch to fix the hole the worm was using to wreak havoc. Then, shortly after, the worm updated and found a new hole to use to infect systems. What's worse, the worm picks a different site to update from out of a list of 50,000, so blocking any one site does nothing. To say the least, security experts are impressed with the Conficker worm's ability to adapt and lead experts on wild goose chases.
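One defensive angle on that 50,000-site update list: an infected machine has to look up many of those names, and most of them were never registered, so its DNS traffic shows an unusual number of distinct domains that come back NXDOMAIN. The script below is an added example (not from the original post and not Conficker's own code) that flags hosts with that pattern; the log format and the sample lines are constructed for illustration.

```python
"""Flag clients whose DNS traffic looks like rotation through a large
update-domain list: many distinct names, most of them unresolvable.
Log format (constructed for this example): "<client> <domain> <status>".
"""
import re
from collections import defaultdict

# Constructed sample lines, not real Conficker traffic.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.9 qwlkjsdf.biz NXDOMAIN
10.0.0.9 pzmtrfxa.info NXDOMAIN
10.0.0.9 vvkqhetc.org NXDOMAIN
10.0.0.9 kzudnbao.cc NXDOMAIN
10.0.0.9 mgnsplwt.ws NXDOMAIN
10.0.0.9 update.vendor-example.net NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


def parse_log(text):
    """Yield (client, domain, status) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower(), m.group(3)


def suspicious_hosts(text, min_distinct=5, min_nx_ratio=0.6):
    """Return {client: (distinct_domains, nxdomain_ratio)} for clients that
    queried at least min_distinct names and saw NXDOMAIN for at least
    min_nx_ratio of them. Thresholds are assumptions; tune per network."""
    domains = defaultdict(set)
    nx = defaultdict(int)
    for client, domain, status in parse_log(text):
        domains[client].add(domain)
        if status == "NXDOMAIN":
            nx[client] += 1
    flagged = {}
    for client, names in domains.items():
        ratio = nx[client] / len(names)
        if len(names) >= min_distinct and ratio >= min_nx_ratio:
            flagged[client] = (len(names), round(ratio, 2))
    return flagged


if __name__ == "__main__":
    for client, (count, ratio) in suspicious_hosts(SAMPLE_LOG).items():
        print(f"{client}: {count} distinct domains, {ratio:.0%} NXDOMAIN")
```

On the sample data this flags 10.0.0.9 (six distinct names, five unresolvable) and leaves 10.0.0.5 alone; on a real resolver log the same heuristic needs tuning for legitimate sources of failed lookups such as typos and expired CDN names.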

What's interesting about this story now is that the worm has stopped spreading. It is becoming more defensive in nature. Instead of finding ways to infect more computers, the creator(s) are taking measures to ensure that the computers already infected with the Conficker Worm stay infected. For instance, an infected computer may not be able to install any anti-virus programs or reach any anti-virus vendor web sites. It's as if the creator(s) want to protect the worm's install base by removing the worm's ability to replicate itself, which would suggest they believe they already have enough infected computers to accomplish whatever they are planning to do.

Though the worm is believed to have originated in Ukraine, no one knows for certain. MS is concerned enough about the damage that may ensue (or has already been caused) that it has put a $250,000 bounty on any information leading to the creator(s) of the worm. I have never heard of a bounty (or such a large one) being put out for the creator(s) of malware. It's interesting to see where this will go.

The bottom line... IT security experts are reluctant to say "the end of the world is at hand", but the worm is set to update on April 1st, 2009, with unknown consequences.
