02 April 2009 | 7,848 views

Conficker Day – April 1st – Uneventful

Prevent Network Security Leaks with Acunetix

So the big Conficker scare of April 1st has passed without any real events, no major sites taken down, no major online terror campaigns spawned.

Just a new more sophisticated, harder to stop version of Conficker updating from a longer list of domains.

It seems like this malware might be here to stay and infecting more and more computers building a formidable network of zombies.

April 1 has come and gone in some parts of the world, and the Conficker worm is still here. While the day in security passed by relatively uneventfully, there are still people at risk.

The doomsday some were predicting the Conficker worm to bring had not materialized as of the evening of April 1. But that hardly means Conficker is a bust.

In short, the Conficker worm did what was expected—generate 50,000 domain names and begin contacting them. According to BKIS, the Bach Khoa Internetwork Security center, 1.1 million PCs in Europe, Asia and a part of America infected with Conficker have already “called home.”

But even though nothing dramatic happened, AVG Technologies Chief Research Officer Roger Thompson warned against blowing the worm off.

It seems like the confirmed infection rate is sitting at just above 1 million, far less than the previously estimated 9 million.

But still 1 million is a formidable arsenal of spam sending machines, or a deadly DDoS network.

There is also the possibility of selling Conficker’s army of infected computers, but that could prove problematic due to the amount of attention it generated. Right now, countless members of the security community, including the Conficker Cabal—formally known as the Conficker Working Group—are keeping tabs on the worm. Even with 50,000 domains in question, those domains are being closely monitored and any malicious servers will likely be noticed before long.

“Given the profile of Conficker, I think it’s rather unlikely that the botnet is up for sale,” said Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab Americas. “Not a lot of people out there would like to handle such hot property, as the botnet is being watched by a lot of people. However, leasing [parts of] the botnet is a different story. That way the leasers would get the advantage of the power of the botnet, but the owners would still be running the risk.”

I think the assumption is fine, they won’t plan on selling the botnet – they will just keep increasing its size and potential and then lease out chunks of it for DDoS attacks and sending spam e-mails.

All this dodgy stuff is big business now, and sadly there doesn’t seem to be anything we can do about it.

Of course we can personally make sure no-one we know gets infected with Conficker, and if they do we can clean it up. But other than that, just observe the fun right?

Source: eWeek



Recent in General News:
- Google’s Chrome Apps – Are They Worth The Risk?
- Twitter Breach Leaks 250,000 User E-mails & Passwords
- More Cyberterrorism – Taiwan Political Party Accuses China of Hacking

Related Posts:
- China Reports Millions Of Conficker Infections
- How to Scan for Conficker Worm
- New Conficker Variant More Aggressive

Most Read in General News:
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,081 views
- eEye Launches 0-Day Exploit Tracker - 85,072 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,465 views

Advertise on Darknet

4 Responses to “Conficker Day – April 1st – Uneventful”

  1. navin 2 April 2009 at 10:08 am Permalink

    WIRED has come up with a nice N00b article on how a buffer overflow works….chk it out at http://blog.wired.com/27bstroke6/2009/03/conficker-how-a.html

  2. oldr4ver 2 April 2009 at 12:54 pm Permalink

    The article you quoted has some info backwards…

    “including the Conficker Cabal

  3. cbrp1r8 2 April 2009 at 3:18 pm Permalink

    well for the most part, everyone’s had since october to protect against conficker/downadup….I personally didn’t see this really being a big “y2k show” myself and I was happy to find out come yesterday that it wasn’t what it was “hyped-up” to be….from a global company perspective we’ve been set since last november against it and have only had to worry about a few one-offs here an there…which is a “no big deal” when your talking numbers of 50-100k machines you have to worry about in a single company.

    Home user wise…i sorted out all my family and friends long ago…the rest of the machines i’m guessing are all non-patched pirated winboze boxes…. /shrug

  4. c0rrect0r 7 April 2009 at 7:37 pm Permalink

    oldr4ver: “formally” isn’t the same as “formerly”.