Friday, August 28, 2009

'Conficker' software is silently infecting PCs around the world


Experts waiting for worm to turn

Business Reporter

In the shadowy world of computer viruses, the potential for Armageddon – or its digital equivalent – seemingly lurks around every corner. Such is the challenge faced by computer security experts as they hunt, capture and catalogue literally tens of thousands of new specimens of malicious software, or malware, every day.

Many are easily stopped, but others prove to be smarter, more resilient. Still others appear to defy every effort at eradication.

Those include a particularly savvy program called Conficker, which attacks computers running Microsoft Windows software and recruits them into a vast army of similarly compromised machines known as a botnet.

The worm first emerged last year and is conservatively estimated to have infected at least three million computers around the world, although many users likely have no idea their machines have been co-opted.

The concern, as is the case with other high-profile worms, is that the program's creators will remotely use the botnet's collective computing powers for some sinister purpose.

But when? And what for?

"Like many of these botnets, it's a sleeping army," said Graham Cluley, a senior technology consultant with antivirus firm Sophos PLC. "It just lies and waits there for instructions.

"But so far there are no instructions."

Conficker made headlines earlier this year amid fears the virus was preparing an attack around April 1. That never materialized.

The incident was reminiscent of the 1992 "Michelangelo" virus scare that threw the industry into panic after experts claimed as many as five million machines could be infected on March 6, the Renaissance artist's birthday. The virus ended up spreading to only a few thousand computers.

But Conficker still lurks. A New York Times report this week highlighted the difficulty experts face as they try to eradicate the stubborn worm.

While Microsoft issued a patch last October to protect the vulnerable aspects of its software, researchers estimate that some 30 per cent of computers running Windows remain unprotected.

Alarmed by the speed of Conficker's initial spread, the industry responded in February by setting up the Conficker Working Group, which includes Microsoft and several Internet security companies. Microsoft has offered a $250,000 (U.S.) reward for information leading to the arrest and conviction of the people behind Conficker, according to the group's website.

Dean Turner, director of global intelligence for Symantec Corp., a member of the working group, said Conficker's infection rate has since "stabilized," but stressed that stopping the worm has proved unexpectedly difficult.

"The threat is very sophisticated," he said. "There's no doubt about that."

Some have raised the possibility that Conficker could have been created by a foreign government's intelligence agency or military for some unknown purpose.

But Turner said the worm's behaviour has so far led him to believe that Conficker, like most botnets, is designed to make money.

That can be accomplished by enlisting the zombie computers to send out potentially billions of spam emails.

The unique economics of spam – a volume business – means that a substantial amount of money can be made even if only a tiny fraction of recipients bother to purchase dubious products that claim to improve one's sex life or offer opportunities to consolidate one's debts.

There is also money to be made by stealing people's personal information and passwords.

And, in a relatively new twist, some spam attempts to trick users into thinking their computers have been infected by a virus so that they will buy antiviral software.

One theory as to why Conficker has not yet been called into action is that its creators have been spooked by all the attention the worm has generated, fearing that if a money trail materializes, they will be caught.

But Turner said as long as Conficker is on the loose, it represents an ongoing threat.

That's because it's becoming increasingly common for virus makers to sell access to their creations to criminal groups, he said.
