Conficker Still Confounding Security Experts
One of the nastiest worms in recent history, the Conficker worm, which first surfaced in October 2008, managed to infect over 9 million PCs, shut down French and British military assets, and prompted a $250,000 reward from Microsoft for information leading to the arrest and conviction of the worm's creators.
Nearly a year later, the hefty reward remains uncollected while security experts continue to try to trace Conficker's origins and erase the threat. But it's still out there, as is the threat of another attack.
"It's using the best current practices and state of the art to communicate and to protect itself," Rodney Joffe, director of the Conficker Working Group, said of the worm. "We have not found the trick to take control back from the malware in any way."
After all this time, researchers are still left speculating about what exactly Conficker was ultimately designed to do. It could be as simple as generating large amounts of spam, or it could record keystrokes and steal users' login information. On a larger and more frightening scale, researchers say it's possible Conficker was designed by an intelligence agency or another country's military in order to monitor or disable an enemy's computers.
On the bright side, no one is sitting idly by waiting for Conficker to strike again. While security experts continue to work on ways to eradicate the worm, Conficker remains an open investigation with the FBI, which purportedly has a few leads.
More info here.

Image Credit: scienceblogs.com
AntiHero
August 28, 2009 at 9:17am
Whoever wrote that is pretty damn clever. It surprises me that it's still going unpunished and nobody even has an idea how to regain control yet.
I don't like Microsoft, I associate with it.
LVmonkey
August 30, 2009 at 4:40pm
The reason is that you can take any code and reverse engineer it from machine code, to a hex editor, toss it around to recompile it into a language like C and look it over... and that's assuming you can't read machine code.
So given that the tools are even available 'in the wild' (granted the better ones are for 'nix OSes), what is the real issue here? My thoughts are that the code is NOT the issue but more over how to take what's there and track it back. If I remember correctly, it's supposed to take its commands through IRC... at some point it should unravel if the commanding machine/bot/IRC speaks to it... so at worst the IRC is being run through a darknet, but really, from my readings that isn't all totally secure either. The only thing that would keep them off the trail is for the commander machine to speak over dynamically changing identities to confuse them... but again, I don't think the code is the overall problem... they MUST have that sucker cracked six ways from Sunday by now.