Conficker Day – April 1st – Uneventful

The New Acunetix V12 Engine


So the big Conficker scare of April 1st has passed without any real events, no major sites taken down, no major online terror campaigns spawned.

Just a new more sophisticated, harder to stop version of Conficker updating from a longer list of domains.

It seems like this malware might be here to stay and infecting more and more computers building a formidable network of zombies.

April 1 has come and gone in some parts of the world, and the Conficker worm is still here. While the day in security passed by relatively uneventfully, there are still people at risk.

The doomsday some were predicting the Conficker worm to bring had not materialized as of the evening of April 1. But that hardly means Conficker is a bust.

In short, the Conficker worm did what was expected—generate 50,000 domain names and begin contacting them. According to BKIS, the Bach Khoa Internetwork Security center, 1.1 million PCs in Europe, Asia and a part of America infected with Conficker have already “called home.”

But even though nothing dramatic happened, AVG Technologies Chief Research Officer Roger Thompson warned against blowing the worm off.

It seems like the confirmed infection rate is sitting at just above 1 million, far less than the previously estimated 9 million.

But still 1 million is a formidable arsenal of spam sending machines, or a deadly DDoS network.

There is also the possibility of selling Conficker’s army of infected computers, but that could prove problematic due to the amount of attention it generated. Right now, countless members of the security community, including the Conficker Cabal—formally known as the Conficker Working Group—are keeping tabs on the worm. Even with 50,000 domains in question, those domains are being closely monitored and any malicious servers will likely be noticed before long.

“Given the profile of Conficker, I think it’s rather unlikely that the botnet is up for sale,” said Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab Americas. “Not a lot of people out there would like to handle such hot property, as the botnet is being watched by a lot of people. However, leasing [parts of] the botnet is a different story. That way the leasers would get the advantage of the power of the botnet, but the owners would still be running the risk.”

I think the assumption is fine, they won’t plan on selling the botnet – they will just keep increasing its size and potential and then lease out chunks of it for DDoS attacks and sending spam e-mails.

All this dodgy stuff is big business now, and sadly there doesn’t seem to be anything we can do about it.

Of course we can personally make sure no-one we know gets infected with Conficker, and if they do we can clean it up. But other than that, just observe the fun right?

Source: eWeek

Posted in: Malware

, , , , ,


Latest Posts:


HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.


4 Responses to Conficker Day – April 1st – Uneventful

  1. navin April 2, 2009 at 10:08 am #

    WIRED has come up with a nice N00b article on how a buffer overflow works….chk it out at http://blog.wired.com/27bstroke6/2009/03/conficker-how-a.html

  2. oldr4ver April 2, 2009 at 12:54 pm #

    The article you quoted has some info backwards…

    “including the Conficker Cabal

  3. cbrp1r8 April 2, 2009 at 3:18 pm #

    well for the most part, everyone’s had since october to protect against conficker/downadup….I personally didn’t see this really being a big “y2k show” myself and I was happy to find out come yesterday that it wasn’t what it was “hyped-up” to be….from a global company perspective we’ve been set since last november against it and have only had to worry about a few one-offs here an there…which is a “no big deal” when your talking numbers of 50-100k machines you have to worry about in a single company.

    Home user wise…i sorted out all my family and friends long ago…the rest of the machines i’m guessing are all non-patched pirated winboze boxes…. /shrug

  4. c0rrect0r April 7, 2009 at 7:37 pm #

    oldr4ver: “formally” isn’t the same as “formerly”.