
Sunday, April 12, 2009

Conficker Eye Chart


Conficker's April 1 update has come and gone. Since then it has updated via P2P software but still hasn't caused any problems (at least nothing noticeable). Still, better safe than sorry. In case you don't know, here is a Conficker "eye chart" you can use to see if your computer is infected with the Conficker worm. Click the link and look at the eye chart. If you see all the icons, you're safe. If not, then there is a list of what is possibly wrong with your computer below the picture.

Wednesday, April 1, 2009

Conficker Worm a Bust


Conficker worm day (aka let's-get-the-world-paranoid-over-nothing day) has come and gone. Reminds me of the Y2K scare back at the turn of the millennium. All talk and no action. Oh well, that's good news anyway... or maybe the Conficker worm's creator(s) are waiting for a more inconspicuous date to perform their assault against the world. MWWAAHHHAAAHHAAA. Probably not though.

What is actually happening is that the worm is "dialing home" but no one is answering. IT security experts are saying that with all the publicity and people all over the world watching the worm's actions, the boss(es) of the worm do not want to give away their plans or have anyone figuring out who they are. Right now the boss(es) are just lying low and not responding to the ~10 million infected computers desperately waiting for new instructions. Unfortunately, any day in the future could be the day that the boss(es) give the worm an update, which could be anything from a practical joke to something that could have serious repercussions worldwide. Only time will tell.

Monday, March 30, 2009

China Again!?! Say It Ain't So


The latest information about the Conficker worm is pretty disturbing. People at BKIS, a Vietnamese security firm that makes the BKAV antivirus software, announced today that they found clues that the virus may have originated from China.

This conclusion was based on the firm analyzing the virus' coding. It found that Conficker's code is closely related to that of another virus (the Nimda virus) that is believed to have been made in China.

I spoke about the Conficker worm in a previous post. This news is interesting because originally they were thinking that it may have originated in Europe or Russia and with the Chinese coming under scrutiny for allegedly masterminding a spynet (see previous post) across the globe, it makes you wonder what the hell is going on? Are the Chinese poised to take over the world or do they just want to know everything? I guess, like they say, knowledge is power.

The bottom line... even if the Chinese (government) were behind this, the U.S. wouldn't do anything about it. Worldwide, China has all the money. They are loaning us the money for all these bailouts that Obama is promoting. We (the U.S.) will just politely ask them, "Could you please stop with all this computer stuff. Oh, by the way, may I please have another $1 trillion dollars." We are in no position to make demands. They know they can do whatever they want.

Friday, March 27, 2009

Conficker Worm's Fury unleashes on April 1, 2009




The Conficker Worm has been harassing computer network security administrators for months since it climbed out of the internet underground sometime in 2008. It is about to get a fresh update on April 1, 2009 and security officials are bracing for the impact that the upgrade might have.

Before we get too far you should know what a worm is. Here are some definitions to put it into perspective.

Virus - a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.

Trojan Horse - a computer program that may be legitimate but has secondary illegitimate objectives. For instance, a computer program that lets you burn DVDs but also opens a backdoor in your computer to let a hacker get in and control the user's computer.

Worm - a self-replicating computer program. Unlike a virus, it does not need to attach itself to an existing program.

Though they sound similar, they are considerably different. Right now the Conficker worm is tearing through the internet and business computers like the sands of the desert planet Arrakis (Dune). It has infected as many as 10 million business computers, with many high-profile victims noted, such as the French Air Force, Royal Navy warships and submarines, the Sheffield Hospital network, the UK Ministry of Defence, and the Norwegian Police. It has also infected scores of individual users. A simple action such as using a USB drive on an infected computer and then using that same USB drive on another computer will be enough to spread the infection.

The problem with the Conficker Worm is that it is ever evolving, meaning that it gets updates from its creator(s) periodically so it's always one step ahead of the security "police". For instance, at one point (when the worm was first detected) Microsoft (MS) released a patch to fix the hole the worm was using to wreak havoc. Then shortly after, the worm updated and found a new hole to use to infect systems. What's worse is that the worm uses a different site to update out of a list of 50,000. To say the least, security experts are impressed with the Conficker worm's ability to adapt and lead experts on wild goose chases.

What's interesting about this story now is that the worm has stopped spreading. It is becoming more defensive in nature. Instead of finding ways to infect more computers, the creator(s) are taking measures to ensure that the computers that are infected with the Conficker Worm stay infected. For instance, an infected computer may not be able to install any anti-virus programs or go to any anti-virus program web sites. It's as if the creator(s) want to protect the worm's install base by removing the worm's ability to replicate itself, which would suggest they believe they already have enough infected computers to accomplish whatever they are planning to do.
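The symptom described above (anti-virus sites unreachable while everything else works) is also what the "eye chart" lets you read by eye. Here it is as a scripted check, an added example that is not from the original post; the hostnames, function names and verdict labels are constructed placeholders.

```python
import socket

# Constructed placeholder hostnames (assumptions, not taken from the post).
SECURITY_SITES = ["antivirus-vendor.example", "security-updates.example"]
CONTROL_SITES = ["news-site.example", "search-engine.example"]


def can_reach(host, port=443, timeout=3.0):
    """Live probe: True if the name resolves and a TCP connection opens."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers DNS failure, refusal and timeout
        return False


def eye_chart(security_sites, control_sites, probe=can_reach):
    """Classify reachability the same way the eye chart is read by eye."""
    security = {h: probe(h) for h in security_sites}
    control = {h: probe(h) for h in control_sites}
    if not any(control.values()):
        verdict = "inconclusive"            # nothing loads: general network problem
    elif all(security.values()):
        verdict = "all-visible"             # every "icon" shows
    elif not any(security.values()):
        verdict = "security-sites-blocked"  # the selective block described above
    else:
        verdict = "partial"                 # some missing: check proxy or filtering too
    return verdict, security, control


def simulated_probe(blocked_words):
    """Constructed stand-in for a machine that blocks hosts by keyword."""
    return lambda host: not any(w in host for w in blocked_words)


if __name__ == "__main__":
    # Offline demo using simulated machines instead of live connections.
    for label, words in [("clean", []), ("infected-like", ["antivirus", "security"])]:
        verdict, security, _ = eye_chart(SECURITY_SITES, CONTROL_SITES,
                                         simulated_probe(words))
        print(label, "->", verdict, security)
```

To run it against a live machine, replace the placeholder lists with real security-vendor and unrelated control sites and call `eye_chart` with the default probe.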

Though the worm is believed to have originated in the Ukraine, no one knows for certain. MS is concerned enough about the damages that may ensue (or have been caused) that they have put a $250,000 bounty on any information leading to the creator(s) of the worm. I have never heard of a bounty (or such a large one) being put out for the creator(s) of malware. It's interesting to see where this will go.

The bottom line... IT security experts are reluctant to say "the end of the world is at hand", but the worm is set to update on April 1st, 2009, with unknown consequences.