[ad]
So the big Conficker scare of April 1st has passed without any real events, no major sites taken down, no major online terror campaigns spawned.
Just a new more sophisticated, harder to stop version of Conficker updating from a longer list of domains.
It seems like this malware might be here to stay and infecting more and more computers building a formidable network of zombies.
April 1 has come and gone in some parts of the world, and the Conficker worm is still here. While the day in security passed by relatively uneventfully, there are still people at risk.
The doomsday some were predicting the Conficker worm to bring had not materialized as of the evening of April 1. But that hardly means Conficker is a bust.
In short, the Conficker worm did what was expected—generate 50,000 domain names and begin contacting them. According to BKIS, the Bach Khoa Internetwork Security center, 1.1 million PCs in Europe, Asia and a part of America infected with Conficker have already “called home.”
But even though nothing dramatic happened, AVG Technologies Chief Research Officer Roger Thompson warned against blowing the worm off.
It seems like the confirmed infection rate is sitting at just above 1 million, far less than the previously estimated 9 million.
But still 1 million is a formidable arsenal of spam sending machines, or a deadly DDoS network.
There is also the possibility of selling Conficker’s army of infected computers, but that could prove problematic due to the amount of attention it generated. Right now, countless members of the security community, including the Conficker Cabal—formally known as the Conficker Working Group—are keeping tabs on the worm. Even with 50,000 domains in question, those domains are being closely monitored and any malicious servers will likely be noticed before long.
“Given the profile of Conficker, I think it’s rather unlikely that the botnet is up for sale,” said Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab Americas. “Not a lot of people out there would like to handle such hot property, as the botnet is being watched by a lot of people. However, leasing [parts of] the botnet is a different story. That way the leasers would get the advantage of the power of the botnet, but the owners would still be running the risk.”
I think the assumption is fine, they won’t plan on selling the botnet – they will just keep increasing its size and potential and then lease out chunks of it for DDoS attacks and sending spam e-mails.
All this dodgy stuff is big business now, and sadly there doesn’t seem to be anything we can do about it.
Of course we can personally make sure no-one we know gets infected with Conficker, and if they do we can clean it up. But other than that, just observe the fun right?
Source: eWeek
navin says
WIRED has come up with a nice N00b article on how a buffer overflow works….chk it out at http://blog.wired.com/27bstroke6/2009/03/conficker-how-a.html
oldr4ver says
The article you quoted has some info backwards…
“including the Conficker Cabal
cbrp1r8 says
well for the most part, everyone’s had since october to protect against conficker/downadup….I personally didn’t see this really being a big “y2k show” myself and I was happy to find out come yesterday that it wasn’t what it was “hyped-up” to be….from a global company perspective we’ve been set since last november against it and have only had to worry about a few one-offs here an there…which is a “no big deal” when your talking numbers of 50-100k machines you have to worry about in a single company.
Home user wise…i sorted out all my family and friends long ago…the rest of the machines i’m guessing are all non-patched pirated winboze boxes…. /shrug
c0rrect0r says
oldr4ver: “formally” isn’t the same as “formerly”.