Conficker Day – April 1st – Uneventful


So the big Conficker scare of April 1st has passed without any real events, no major sites taken down, no major online terror campaigns spawned.

Just a new more sophisticated, harder to stop version of Conficker updating from a longer list of domains.

It seems like this malware might be here to stay and infecting more and more computers building a formidable network of zombies.

April 1 has come and gone in some parts of the world, and the Conficker worm is still here. While the day in security passed by relatively uneventfully, there are still people at risk.

The doomsday some were predicting the Conficker worm to bring had not materialized as of the evening of April 1. But that hardly means Conficker is a bust.

In short, the Conficker worm did what was expected—generate 50,000 domain names and begin contacting them. According to BKIS, the Bach Khoa Internetwork Security center, 1.1 million PCs in Europe, Asia and a part of America infected with Conficker have already “called home.”

But even though nothing dramatic happened, AVG Technologies Chief Research Officer Roger Thompson warned against blowing the worm off.

It seems like the confirmed infection rate is sitting at just above 1 million, far less than the previously estimated 9 million.

But still 1 million is a formidable arsenal of spam sending machines, or a deadly DDoS network.

There is also the possibility of selling Conficker’s army of infected computers, but that could prove problematic due to the amount of attention it generated. Right now, countless members of the security community, including the Conficker Cabal—formally known as the Conficker Working Group—are keeping tabs on the worm. Even with 50,000 domains in question, those domains are being closely monitored and any malicious servers will likely be noticed before long.

“Given the profile of Conficker, I think it’s rather unlikely that the botnet is up for sale,” said Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab Americas. “Not a lot of people out there would like to handle such hot property, as the botnet is being watched by a lot of people. However, leasing [parts of] the botnet is a different story. That way the leasers would get the advantage of the power of the botnet, but the owners would still be running the risk.”

I think the assumption is fine, they won’t plan on selling the botnet – they will just keep increasing its size and potential and then lease out chunks of it for DDoS attacks and sending spam e-mails.

All this dodgy stuff is big business now, and sadly there doesn’t seem to be anything we can do about it.

Of course we can personally make sure no-one we know gets infected with Conficker, and if they do we can clean it up. But other than that, just observe the fun right?

Source: eWeek

Posted in: Malware

, , , , ,


Latest Posts:


RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.


4 Responses to Conficker Day – April 1st – Uneventful

  1. navin April 2, 2009 at 10:08 am #

    WIRED has come up with a nice N00b article on how a buffer overflow works….chk it out at http://blog.wired.com/27bstroke6/2009/03/conficker-how-a.html

  2. oldr4ver April 2, 2009 at 12:54 pm #

    The article you quoted has some info backwards…

    “including the Conficker Cabal

  3. cbrp1r8 April 2, 2009 at 3:18 pm #

    well for the most part, everyone’s had since october to protect against conficker/downadup….I personally didn’t see this really being a big “y2k show” myself and I was happy to find out come yesterday that it wasn’t what it was “hyped-up” to be….from a global company perspective we’ve been set since last november against it and have only had to worry about a few one-offs here an there…which is a “no big deal” when your talking numbers of 50-100k machines you have to worry about in a single company.

    Home user wise…i sorted out all my family and friends long ago…the rest of the machines i’m guessing are all non-patched pirated winboze boxes…. /shrug

  4. c0rrect0r April 7, 2009 at 7:37 pm #

    oldr4ver: “formally” isn’t the same as “formerly”.