Thursday, April 16, 2009

Conficker virus strengthens defences but hasn't attacked

COMPUTER security experts around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of the trigger date, April 1st.
The malicious software evolved, as expected, from East to West, beginning in time zones first to greet April Fool's Day.
"Planes are not going to fall out of the sky and the internet is not going to melt down," said threat analyst Paul Ferguson of Trend Micro.
"The big mystery is what those behind Conficker are going to do. When they have this many machines under their control it is kind of scary. With a click of a mouse they could get thousands of machines to do whatever they want."
Microsoft has formed a task force to stamp out the worm, known as Conficker or Downadup, and put a bounty of $US250,000 on the heads of those responsible for it.

Mutating code

The worm was programmed to modify itself on April 1, becoming harder to stop by generating bigger daily lists of websites and reaching out to 500 of those each day. Some infected machines will take their timing cues from websites using Greenwich Mean Time, and others will rely on their local clocks.

Conficker task force members tracking today's internet traffic in Asia and Europe said there was no sign that the worm was doing anything other than modifying itself to be harder to exterminate.
Computer security specialists warn that the Conficker threat will remain even if April 1 passes without it causing trouble.
"It doesn't seem to be doing anything right now," Mr Ferguson said.
"I hope April 1st comes and goes with no trouble. But there is this loaded pistol looming large out there even if no one has pulled the trigger."
The hackers behind the worm have yet to give it any specific orders. An estimated one to two million computers worldwide are infected with Conficker.

Addressing the threat

The FBI said it is working with the Department of Homeland Security and other US agencies to "identify and mitigate" the Conficker threat.
The worm can infect machines from the internet or by hiding on USB memory sticks carrying data from one computer to another.
The malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.
Microsoft has modified its free Malicious Software Removal Tool to detect and get rid of Conficker, which was first detected in November 2008.
The infection rate has slowed from a fierce pace earlier this year, but computers that are not updated with a Microsoft software patch remain vulnerable, according to security specialists.
One of the ways to tell if a computer is infected is that the worm will block efforts to connect with security firm websites such as Trend Micro or Symantec where there are online tools for removing the virus.
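The symptom described above can be checked by comparing lookups of security-vendor sites against unrelated control sites. The following is an added example, not part of the original article; the hostnames are assumptions (the article names only the vendors), and testing name resolution is an assumption about how the blocking shows up.

```python
import socket

# Hostnames are assumptions for this example; the article names the vendors
# (Trend Micro, Symantec) but gives no specific addresses.
SECURITY_HOSTS = ("www.trendmicro.com", "www.symantec.com")
CONTROL_HOSTS = ("www.example.com", "www.example.org")


def system_resolves(host):
    """Return True if the operating system's resolver can look up host."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except (OSError, UnicodeError):
        return False


def assess(resolves, security_hosts=SECURITY_HOSTS, control_hosts=CONTROL_HOSTS):
    """Compare lookups of security-vendor hosts against unrelated control hosts.

    resolves: callable(host) -> bool, injectable so the logic can be tested offline.
    Returns (verdict, blocked_hosts).
    """
    blocked = [h for h in security_hosts if not resolves(h)]
    controls_ok = [h for h in control_hosts if resolves(h)]
    if not controls_ok:
        # Nothing resolves at all: a network or DNS outage, not selective blocking.
        return "inconclusive", blocked
    if blocked and len(blocked) == len(security_hosts):
        # Every vendor host fails while the controls work.
        return "suspicious", blocked
    if blocked:
        # Only some vendor hosts fail; follow up manually.
        return "partial", blocked
    # The symptom is absent, which is not proof that the host is clean.
    return "no-symptom", blocked


if __name__ == "__main__":
    verdict, blocked = assess(system_resolves)
    print(f"verdict: {verdict}")
    for host in blocked:
        print(f"  could not resolve: {host}")
```

A "suspicious" verdict is a reason to run a removal tool from clean media, since the blocked sites are the ones that host the online tools.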
Cyber-criminals have taken advantage of Conficker hype by promising information or cures to lure users to websites booby-trapped with malicious software.

Lying in wait

The publicity surrounding the predicted April 1 attack date had likely caused Conficker’s creators to hold back on unleashing any malware, Robert Pregnell of Symantec Security Response said.
“In order to be successful these attacks need to stay under the radar and the profile given to it runs contrary to that,” he said.
“Everybody was waiting for it so it is fair to say it would be better, in the interest of the virus writers, to let this focus pass over and pull the lever when people least expect it.”
Mr Pregnell warned against complacency, saying the infected computers were still vulnerable to attack.
“If you let this virus onto your computer it’s like you’ve logged into your PC and said to a stranger ‘Do whatever you want to do on it,’” he said.
Microsoft Australia’s Strategic Security Advisor Stuart Strathdee said Conficker was not predicted to be a broad threat to the internet.
He said any Microsoft users concerned about Conficker should visit or call 132 058.
