When Will Conficker Strike?

by Michael A. Davis on June 16, 2009

April 1 has come and gone, and yet the world remains. April Fool's Day, or Doomsday, if you believe the fear-mongering hype, did not lead to worldwide disaster as many expected. But are we in the clear? Nope. Just because Conficker has not acted yet doesn't mean it never will.

Since it was first detected in November of 2008, the Conficker worm has spread like wildfire. Utilizing advanced malware techniques, the worm targeted Windows users who did not update with a patch Microsoft released in October. It also spread from PC to PC on removable media like USB drives, and through network shares by guessing usernames and passwords. Conficker is now the largest computer worm infection since SQL Slammer in 2003. Once it had infected a PC, the worm simply waited until its activation date of April 1.

On April 1, the Conficker worm, which had infected 3 to 15 million computers, started its daily task of contacting 500 websites from a randomly generated list of 50,000. The worm is looking for instructions on what to do next. Conficker-infected PCs could easily be used to steal users' identities or even erase data. But as of today, Conficker has not received instructions to do anything. At least, not yet.
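One way a defender could spot that daily lookup pattern in DNS resolver logs, as an added example that is not part of the original article. The log format, the flagging threshold and the sample names are constructed for illustration (they are not Conficker's real domains or algorithm), and it assumes most of the generated names are unregistered and so fail to resolve.

```python
import random
import string
from collections import defaultdict

DAILY_RENDEZVOUS = 500   # per the article: names an infected PC contacts per day
FLAG_FRACTION = 0.5      # assumed threshold: flag at half of that volume

def parse(line):
    """Parse one 'date client qname rcode' record (constructed log format)."""
    date, client, qname, rcode = line.split()
    return date, client, qname.lower().rstrip("."), rcode

def suspicious_hosts(lines, threshold=int(DAILY_RENDEZVOUS * FLAG_FRACTION)):
    """Return {(date, client): n} for clients with n >= threshold distinct
    names that failed to resolve (NXDOMAIN) on a single day."""
    failed = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        date, client, qname, rcode = parse(line)
        if rcode == "NXDOMAIN":
            failed[(date, client)].add(qname)
    return {k: len(v) for k, v in failed.items() if len(v) >= threshold}

def constructed_log(seed=1):
    """Constructed sample data: one ordinary host and one host that looks up
    500 random-looking names in a day. Uses the reserved .example TLD."""
    rng = random.Random(seed)
    lines = [f"2009-04-01 10.0.0.5 {n} NOERROR"
             for n in ("example.com", "example.org", "intranet.example")]
    lines.append("2009-04-01 10.0.0.5 typo-exmaple.com NXDOMAIN")
    for _ in range(DAILY_RENDEZVOUS):
        length = rng.randint(8, 11)
        label = "".join(rng.choice(string.ascii_lowercase) for _ in range(length))
        # Assumption: only a small share of the generated names resolve.
        rcode = "NOERROR" if rng.random() < 0.02 else "NXDOMAIN"
        lines.append(f"2009-04-01 10.0.0.23 {label}.example {rcode}")
    return lines

if __name__ == "__main__":
    for (date, client), n in sorted(suspicious_hosts(constructed_log()).items()):
        print(f"{date} {client}: {n} distinct failed lookups")
```

Counting distinct failed names per client per day, rather than raw query volume, keeps a busy but healthy host that repeatedly retries a single mistyped name from being flagged.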

So what was the point in creating Conficker if the creators aren't going to use it? One possible scenario, and what I believe is the real reason, is that the worm is controlled by an organized crime syndicate in Asia, Eastern Europe, or South America. Having no use for the data obtainable by Conficker themselves, the crime syndicate may simply rent out control of the worm to the highest bidder.

But the scenario becomes even more exciting when you consider the Conficker Cabal meeting in secret and combining their efforts to thwart the worm. The alliance, spearheaded by Microsoft, includes Afilias, ICANN, Neustar, Verisign, China Internet Network Information Center, Public Internet Registry, and many others. On February 13, the group announced a quarter-million-dollar bounty for information leading to the arrest and conviction of the Conficker creator.

It just goes to show you how important patching really is. The programming hole that allowed Conficker to propagate is inexcusable, but Microsoft did respond quickly, with a patch available as early as October; apparently no one could be bothered to deploy it.
