Tag Archives: Cyber Crime

Conficker – has the chaos started? (it’s April 1 in Melbourne)

UPDATED:

I recently received a link to this analysis of the crime-ware. Pretty sophisticated!!! The Conficker Cabal is busy trying to measure its function and effectiveness. If you have the time, and the stomach for a tech article, I suggest you read this!

SRI International – Technical Report on Conficker C

— MY PREVIOUS COMMENTS —

Wow, I can’t believe I can still access the web?!?! It’s already April 1st in Australia (right now: Melbourne, Wed 4:50 AM) and the entire internet has not collapsed!

I’m trying my best to act shocked but… I’m not a trained actor. Maybe a few hours into April 1st is too early to call it but… frankly… I stand by my first post on this… much ado about NOTHING!

For entertainment value, here are some more alarmist articles on the ‘threat’:

Conficker Worm: Hoax or Genius? — OS News

Companies encouraged to take threat seriously — SC Magazine UK

Conficker Worm: April Fools joke or ? — NY Times Blog

Conficker – jolt or joke

The Conficker threat, is this another Y2K?

There seems to be no lack of technology press on this piece of crime-code that is set to go off on April 1st. The largest concern is that nobody seems to know what the Command-and-Control (C&C) computers will instruct the infected systems to do on April 1.

For myself, and the company I work for, we are safe from the technical exploit, since we do not run Microsoft systems, and non-MS systems by all indications are perfectly safe from becoming part of the botnet.

Conficker is a program that is spread by exploiting several weaknesses in Microsoft’s Windows operating system. Various versions of the software have spread widely around the globe since October, mostly outside the United States because there are more computers overseas running unpatched, pirated Windows. (The program does not infect Macintosh or Linux-based computers.)

New York Times Technology article

The speculation is that the bots will try to access a pool of 50,000 different domains (something we can determine by examining the code) looking for its C&C. The problem is that defensively registering the 50,000 domain names is something that nobody seems willing to do, or capable of doing.

Other crimeware uses similar technology to look for different C&C systems based on a predictable algorithm; this is nothing new or groundbreaking. The size of the pool is by far the largest I have heard of, so that is new.

There are likely many different ways that the entire network can be thwarted, if the registrars, backbone providers and ISPs all co-operate (fat chance) to null-route any of the 50,000 domains that might be registered and directed to the C&C systems. That alone makes me think this is much ado about nothing.
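A bot walking a pool of tens of thousands of candidate names gets mostly NXDOMAIN answers, because only a handful of those names are ever registered, and that pattern is visible in any resolver log. The following is an added example, not code from the post or from any Conficker analysis: it parses a constructed resolver log (the line format, hosts, names and thresholds are all assumptions made up for the example) and flags clients that resolve many distinct names with a high NXDOMAIN ratio.

```python
from collections import defaultdict


def build_sample_log():
    """Constructed resolver log lines: "<epoch> <client> <qname> <rcode>".
    Host 10.0.0.5 browses normally; 10.0.0.9 behaves like a bot walking a
    generated pool, hitting mostly unregistered names. All names are made up."""
    lines = [
        "1238540400 10.0.0.5 www.example.com NOERROR",
        "1238540405 10.0.0.5 mail.example.com NOERROR",
        "1238540410 10.0.0.5 typo-exmaple.com NXDOMAIN",  # one honest typo
    ]
    for i in range(40):
        # candidate after candidate; only one of them happens to resolve
        rcode = "NOERROR" if i == 17 else "NXDOMAIN"
        lines.append(f"{1238540500 + i} 10.0.0.9 cand{i:05d}.org {rcode}")
    return "\n".join(lines)


def parse_log(text):
    """Return (client, qname, rcode) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        _ts, client, qname, rcode = parts
        records.append((client, qname.lower(), rcode.upper()))
    return records


def suspicious_clients(records, min_distinct=20, min_nx_ratio=0.8):
    """Clients that resolved at least min_distinct distinct names, of which
    at least min_nx_ratio came back NXDOMAIN. Thresholds are assumptions.
    Returns {client: (distinct_names, nxdomain_ratio)} for flagged clients."""
    names, nx, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for client, qname, rcode in records:
        names[client].add(qname)
        total[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
    flagged = {}
    for client, count in total.items():
        distinct = len(names[client])
        ratio = nx[client] / count
        if distinct >= min_distinct and ratio >= min_nx_ratio:
            flagged[client] = (distinct, round(ratio, 3))
    return flagged


if __name__ == "__main__":
    print(suspicious_clients(parse_log(build_sample_log())))
```

On the constructed log only 10.0.0.9 is flagged (40 distinct names, 39 of 40 NXDOMAIN); the browsing host with one typo stays well under both thresholds.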

Should people running computers infected with Windows ignore this potential threat? Obviously they need to take the possibility that their computer is infected VERY seriously. If they are unable to switch to an operating system without so many security issues, then they should at least make sure their computer is not exploited.

Later today I will compile a list of reliable links to instructions/software for mitigating the threat on your own computer. As far as the massively parallel monster system this botnet might become on April 1st… well… we won’t have to wait long to find out if this is a boy crying wolf, or the real thing.

Massive Chinese cyber espionage network discovered

Researchers in Toronto released a report this weekend regarding the discovery of a massive cyber-espionage and data theft network that appears to have 3 of its 4 Command-and-Control (C&C) systems located in China.

Vast Spy System Loots Computers in 103 Countries
By JOHN MARKOFF
Published: March 28, 2009

TORONTO — A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

Link to full New York Times article

Details of the exploit vector are not exactly spelled out in the article, but it would appear that the software infecting these computers is capable of monitoring email and other traffic. By description, it sounds like the malware/trojan/crimeware employs a network sniffer to watch traffic I/O on the infected machine, sending interesting data back to one (or more) of the C&C systems. The researchers also indicated that they stumbled upon some of this by accident, and there could be other capabilities of the network not yet exposed.

I plan to look into this further to see what types of systems have been infected.