Tag Archives: conficker

Conficker – has the chaos started? (it’s April 1 in Melbourne)

UPDATED:

I recently received a link to the this analysis of the crime-ware.  Pretty sophisticated!!!  The Conficker Cabal is busy trying to measure it’s function and effectivness.  If you have the time, and the stomach for a tech article, I suggest you read this!

SRI International – Techncial Report on Conficker C

— MY PREVIOUS COMMENTS —

Wow, I can’t believe I can still access the web?!?!   It’s already April 1st in Australia (right now :  Melbourne *Wed 4:50 AM)    and the entire internet has not collapsed!

I’m trying my best to act shocked but…   I’m not a trained actor.   Maybe a few hours into April 1st is too early to call it but..  frankly..   I stand by my first post on this..   much ado about NOTHING!

For entertainment factor, here are some more alarmist articles on the ‘threat’

Conficker Worm: Hoax or Genious? — OS News

Companies encouraged to take threat seriously — SC Magazine UK

Conficker Worm: April Fools joke or ? —  NY Times Blog

Conficker – jolt or joke

The Conficker threat, is this another Y2K?

There seems to be no lack of technology press on this piece of crime-code, that is set to go off on April 1st.  The largest concern is that nobody seems to know what the Command-and-Control (C&C) computers will instruct the infected systems to do on April 1.

For myself, and the company I work for, we are safe for the technical exploit, since we do not run MicroSoft systems, and non-MS systems by all indications are perfectly safe from becoming part of the botnet.

Conficker is a program that is spread by exploiting several weaknesses in Microsoft’s Windows operating system. Various versions of the software have spread widely around the globe since October, mostly outside the United States because there are more computers overseas running unpatched, pirated Windows. (The program does not infect Macintosh or Linux-based computers.)

New York Times Technology article

The speculation is that the bots will try to access a pool of 50,000 different domains (something we can determine by examining the code) looking for it’s C&C.   The problem is that defensivly registering the 50,000 domain names is something that nobody seems to want to, or capable of doing.

Other crimeware uses similar technolgy to look for different C&C systems based on a predictable algorythm, this is nothing new or groundbreaking.  The size of the pool is by far the largest I have heard of, so that is new.

There are likely man different ways that the nentire network can be thwarted, if the registrars, backbone providers and ISP’s all co-operate (fat chance) to null-route any of the 50,000 domains that might be registered and directed to the C&C systems.     That alone makes me think this is much ado about nothing.

Should people running computers infected with Windows ignore this potential threat.  Obviously they need to take the possiblity their computer is infected, VERY seriously.  If they are unable to switch to a operating system without so many security issues, then they should at least make sure their computer is not exploited.

Later today I will compile a list of reliable links to instructions/software for mitigation the threat on your own computer.  As far as the massivly parallel monster system this botnet might become on April 1st…well..   we won’t have to wait long to find out if this is a boy craying wolf, or the real thing.