Infections as a result of the infamous Conficker (Downadup) worm have peaked at around the 10m PC mark. Variants of Conficker use a variety of methods to spread, including exploiting the MS08-067 vulnerability in the Microsoft Windows server service patched by Redmond in October. Once it gets a foothold within corporate networks …
What Does it do?
I know from previous entries that the bug is inactive and is a botnet thing (correct me if I'm wrong please), but does anyone know what this can do or do you think it may just be a hoax to get everyone frightened?
The biggest boon to network security since then has been the success of WIFI! DUH! Nobody gives a damn about security, but they do like to use their laptops from the living room, so in the time between Nimda and now, everyone on the planet has bought a wireless router, and put their computers behind that. With wireless routers comes NAT, and with NAT comes the best firewall you can get, i.e. not having a public IP.
As anyone would recall, Nimda, Sasser, CodeRed and the other worms mentioned in the article were all self-propagating to open ports and public IPs. Those public IPs don't exist any more, so no one has bothered to write a worm, or if they have, it didn't go anywhere, because it could only infect servers, which were already hardened. It sounds like this Conficker worm spreads by removable media, which makes it sound more like a virus to me, anyway. (notwithstanding that it doesn't sound like it actually writes itself into any .exe's)
"Inactive" is a bit ambiguous. At the moment, the compromised machines have not been instructed to do anything except call up seemingly randomly named servers, looking for instructions, and from the reports, they are doing that. So not inactive in that sense.
It seems likely that at some point, the perpetrators of the botnet will put a server or servers on the net under one or more of the "random" names, and start issuing new instructions to the millions of compromised machines. Then we will know what this botnet is for. Probably just more spam, but maybe denial-of-service attacks and the related extortion.
be very afraid...
This is no hoax, and people should be frightened. As a security consultant, one can never be paranoid enough. A cracker only has to be right once to find a chink in the armour.
Your computer and everything on it, business, personal, bank account details, private porn collection etc. and your life is in someone else's hands. These persons could be very nasty indeed.
1. Just delete everything while you're asleep and securely wipe the hard disk, but then there is no profit in it for them.
2. encrypt important files and ask for a ransom for the key. If they were nice, you might actually get the key. If not, then pray you had backups.
3. Use your machine to send spam messages.
4. Use your machine as a vehicle to distribute or child porn. If you get caught, it can ruin your life regardless of your innocence.
5. Listen to everything you do and grab your bank details and passwords.
6. Launch denial of service attacks from your machine to any number of targets.
7. Cause immense misery to millions of people, steal identities, use eBay in your name etc., take out mortgages in your name and disappear...
8. Do many other things too nasty to think about, such as blackmail or kidnapping if the victim is famous.
Users' ignorance and indifference to security is shocking, but why should they have to know so much? If Microsoft had done their job properly the criminals would never have got this much of a foothold and created such a huge criminal economy.
I suspect that the botnet is still inactive because it is too successful, and all the world is watching. The feds will be crawling over any IPs found to be responsible for kicking it into action.
what we need now
... is to know where all these machines are and cut them all from the Interwebs, once and for good. Ain't going to happen, but nice to dream of ...
Randomly generate server addresses?
Surely the white hats can determine the addresses about to be used, and intercept the traffic.
On the other hand, if it originated in China, it might be only necessary to remove China from the Internet.
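The "random" rendezvous names the earlier comment describes and the prediction the comment above suggests, as an added example that is not from the article or any commenter: a constructed, simplified date-seeded name generator (not Conficker's real algorithm) alongside the defender-side step of pre-computing the list and flagging resolver log queries against it. The TLD set, names-per-day count, log format and all client addresses are constructed for the illustration.

```python
import hashlib
import re
from datetime import date, timedelta

# Constructed, illustrative domain-generation scheme; NOT Conficker's real
# algorithm. A bot derives the day's rendezvous names from the date, so whoever
# knows the algorithm can compute the same list ahead of time and sinkhole it.
TLDS = ("com", "net", "org")   # constructed TLD set; real families used more

def daily_domains(day: date, count: int = 5) -> list[str]:
    """Deterministically derive the rendezvous domains for one calendar day."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # map the first ten hex digits onto letters a-p for a plausible label
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        domains.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return domains

def predicted_watchlist(start: date, days_ahead: int) -> set[str]:
    """Pre-compute every name the bots will try over the coming window."""
    return {d for n in range(days_ahead)
            for d in daily_domains(start + timedelta(days=n))}

# Constructed resolver log format: "client IP#port: query: NAME IN A"
QUERY_RE = re.compile(r"client (?P<ip>\d+\.\d+\.\d+\.\d+)#\d+: query: (?P<qname>\S+) IN A")

def flag_queries(log_lines, watchlist: set[str]) -> dict[str, list[str]]:
    """Map each predicted domain that was actually queried to the querying clients."""
    hits: dict[str, list[str]] = {}
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        qname = m.group("qname").rstrip(".").lower()   # tolerate trailing dot
        if qname in watchlist:
            hits.setdefault(qname, []).append(m.group("ip"))
    return hits

# Constructed sample log: two infected-looking clients plus one benign lookup.
START = date(2009, 1, 15)
SAMPLE_LOG = [
    f"15-Jan-2009 03:12:07 client 10.0.0.7#51234: query: {daily_domains(START)[0]} IN A",
    f"15-Jan-2009 03:12:09 client 10.0.0.7#51235: query: {daily_domains(START)[2]} IN A",
    "15-Jan-2009 03:12:11 client 10.0.0.9#40001: query: www.example.com IN A",
    f"16-Jan-2009 00:00:03 client 10.0.0.22#33010: query: {daily_domains(START + timedelta(days=1))[1]}. IN A",
]

if __name__ == "__main__":
    for qname, clients in flag_queries(SAMPLE_LOG, predicted_watchlist(START, 3)).items():
        print(f"{qname} queried by {sorted(set(clients))}")
```

Because the list is derived only from the date, a defender who has recovered the algorithm from a sample can register or sinkhole the coming days' names before the operators do, which is the interception the comment describes.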
No Paris on this one, too smelly for her.