Computer worm ‘Conficker’ is doing its dirty work

Pentagon and other agencies are preparing to defend against cyber attacks. Meanwhile, here are ways to protect your computer.

By Michael B. Farrell  |  Staff writer/ April 25, 2009 edition

San Francisco

Internet security experts say that the computer worm known as Conficker, which has the ability to silently penetrate vulnerabilities within the Microsoft operating system, is beginning to rear its ugly head.

They say that the software is installing new and malicious programs on some of the computers it has already invaded with the aim of using those PCs to send out criminal spam and scrounge around on unsecured computers for valuable personal data, Reuters reported Friday.

Conficker, also called Downadup and Kido, works like this: Once the worm wiggles into a PC, it then has the ability to install software and enable the computer to receive additional viruses from the program’s creators. It can also link an individual PC to other infected machines and create an army of computers under its control, called a botnet, which can be strung together for launching cyberattacks.

Millions of PCs already invaded

Experts say that the Conficker worm has already dug into millions of PCs but has been activated in only a small percentage of them. It was feared that the makers of the software program would trigger a massive attack on April 1. While that didn’t happen, the US Computer Emergency Readiness Team (US-CERT) said earlier this month that it has detected a new variant of the worm that “updates earlier infections via its peer-to-peer network against unpatched systems.”

Microsoft released a security patch last year to improve its systems’ security in an effort to combat Conficker. The patch is still available at Microsoft.com, but an estimated 30 percent of Microsoft users have not updated their systems.

While many say that the Conficker Worm is one of the most sophisticated they have come across — and the most widespread since a worm called Slammer that spread in 2003 — there are some simple protections that PC users can take. In addition to the free updates available from Microsoft, computer users can purchase an array of antivirus programs from software makers such as Symantec or McAfee.

How to test your computer

An easy test for computer users to see if Conficker might be on their PCs is simply to attempt to visit some of these software security companies’ websites. The worm has the ability to block access to many security company sites.

Cyber security is becoming an increasing concern in the US and around the world amid the growth in Internet activity as well as in the level of sophistication being seen in malicious programs such as Conficker.

According to The Wall Street Journal, a new Pentagon Cyber Command will oversee the defense of US computer networks and cyber-attack operations. The paper reported Friday that Defense Secretary Robert Gates will name Keith Alexander, director of the National Security Agency, to head the Cyber Command operation.

Secretary Gates said in a memo reviewed by the Journal that, “our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security.”

White House recommendations

The Obama administration is expected to release its own set of recommendations for cybersecurity policy as early as next week.

While many cyber-watchers hoped that Melissa Hathaway, President Obama’s top cyber czar, would shed some light into what those specific policy recommendations might be, she offered little in terms of specifics in a speech earlier this week at a San Francisco computer security conference.

Instead she focused on what went into the administration’s recently-completed 60-day review of US cyberspace policy, which many critics say has been ineffectual because it has not been streamlined under one agency.

“It can be said that the federal government is not organized appropriately to address this growing problem because responsibilities for cyberspace are distributed across a wide array of federal departments and agencies,” she said. “We need an agreed way forward based on common understanding and acceptance of the problem.”

Comments

1. Norbert | 04.26.09

“many critics say has been ineffectual because it has not been streamlined under one agency”

I’m not a security expert, but it would seem obvious that a common-mode failure, made more likely by using a single agency, must be avoided at all costs. If the job were spread over three or four agencies, or at least silos, each with its own mandate, then the whole thing might be made more fault-tolerant, albeit with perhaps less efficiency.

2. Byron | 04.26.09

Ways to protect your computer? Mac, Linux, …

3. attack | 04.26.09

You mean these agencies are not prepared yet… Internet is not a secure system and perhaps never. You let Microsoft make the rule …

4. Ray Salemi | 04.26.09

You can see if you have the Conficker virus by going to this web page:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

If you can see all six pictures on this page, you are clean.

5. Rohit | 04.26.09

I wonder about the extent that Microsoft is indirectly responsible for this problem. It could very well be that operating systems which are invulnerable to such attacks exist or can be developed, but since Microsoft has succeeded in dominating the market, other systems (with some exceptions like Linux) have little chance to break into the market. I think it is not good that the entire US is vulnerable to the profit motives of one company.
We have all come to accept this state of affairs, but why?

6. John | 04.26.09

My response to Department of Homeland Security:
Your company is requiring a TS/SCI clearance, this will eliminate about 99.9% - of all the applicants - that have the specific skills your company is really seeking. The candidates that have this specialized background, are typically cleaner than snow.

Your agency is looking for someone whose background is not crystal clean. Someone that thinks out of the box -

So, I make the following unqualified, heavily contested statement. The Conficker Virus/Worm, contains many different types of distribution mechanisms. It is my opinion, that the data, it collected (IP address and physical location) via the Command and Control server, was used in a different way. This data, which was mapped (ie locations of infected machines marked on a physical map), was also used to look at internet routing paths between the C&C and the infected machine. Using this routing path data, additional attacks can, and are, being planned. Heavily relying on a technology called Fast/Flux and manipulation of DNS servers. With the goal of “Enter the bank/business/consumer machine, via a back door, stealing all the money, and leaving without a trace of evidence”.

Can this behavior be stopped, yes it can, but cooperation is lacking.

7. Eric | 04.26.09

Taking inadequate precautions, leaving your computer infected and leaving it connected to the web is a public nuisance akin to letting your poorly trained dog run around biting your neighbors.

This is a more difficult situation to track, but ISPs should be required to take some measures to assess the security of systems connecting through them and to shut down access for machines showing signs of being infected, and the owners should be fined.

8. Caraibes | 04.26.09

-Why don’t you guys just switch to Linux ? You’ll never be bothered by viruses anymore… I use Linux only since 2005… Very happy with it !

9. Steve | 04.26.09

I got worms.

10. J. Bechtold | 04.26.09

Re: Conficker worm. It’s about time that the hacker problem is dealt with at the top level of government. I agree with Ms. M Hathaway that a central Federal organization to combat hackers is needed, rather than a fragmented, each Department with its own unit, approach. That is, provided there is recognition of each Department’s needs and a responsive exchange of info/data. Laws, both national and international, need also to be promulgated to deal with this problem.

11. Chris | 04.26.09

Microsoft put together a good resource page for anyone concerned about conficker:

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

12. rachel computer hardware | 04.27.09

Thanks for the link, Chris. I heard on the news that Microsoft gave a link for an update to protect our computers against Conficker. Is it true that if you use Linux you won’t get infected with this worm?

13. Matthew L. Kaskavitch | 04.27.09

The impacts of Conficker will continue for some time. Conficker is hands down the most complex and thoughtfully designed worm in the history of the Internet. It is going to be extremely tough to stop it. I am hoping the author of Conficker slips up or makes a mistake, letting the white hats gain an upper hand. However, that seems unlikely.

I found it interesting though that many blame Russia and China while the UK is being exempt from the attacks by Conficker. Filtering UK IP addresses would lead me to believe the authors live in the UK. But is that just a smoke screen? Can’t say for sure because of their 128-bit encrypted digital signatures on the packets.

While I don’t agree with the motive, Conficker is an impressive piece of technology far from any script kiddie.
