The Conficker threat, is this another Y2K?
There seems to be no lack of technology press on this piece of crime-code, that is set to go off on April 1st. The largest concern is that nobody seems to know what the Command-and-Control (C&C) computers will instruct the infected systems to do on April 1.
For myself, and the company I work for, we are safe for the technical exploit, since we do not run MicroSoft systems, and non-MS systems by all indications are perfectly safe from becoming part of the botnet.
Conficker is a program that is spread by exploiting several weaknesses in Microsoft’s Windows operating system. Various versions of the software have spread widely around the globe since October, mostly outside the United States because there are more computers overseas running unpatched, pirated Windows. (The program does not infect Macintosh or Linux-based computers.)
The speculation is that the bots will try to access a pool of 50,000 different domains (something we can determine by examining the code) looking for it’s C&C. The problem is that defensivly registering the 50,000 domain names is something that nobody seems to want to, or capable of doing.
Other crimeware uses similar technolgy to look for different C&C systems based on a predictable algorythm, this is nothing new or groundbreaking. The size of the pool is by far the largest I have heard of, so that is new.
There are likely man different ways that the nentire network can be thwarted, if the registrars, backbone providers and ISP’s all co-operate (fat chance) to null-route any of the 50,000 domains that might be registered and directed to the C&C systems. That alone makes me think this is much ado about nothing.
Should people running computers infected with Windows ignore this potential threat. Obviously they need to take the possiblity their computer is infected, VERY seriously. If they are unable to switch to a operating system without so many security issues, then they should at least make sure their computer is not exploited.
Later today I will compile a list of reliable links to instructions/software for mitigation the threat on your own computer. As far as the massivly parallel monster system this botnet might become on April 1st…well.. we won’t have to wait long to find out if this is a boy craying wolf, or the real thing.