Showing posts with label April 1. Show all posts

Thursday, April 9, 2009

Conficker Payload Launched

So the mastermind of the April 1st Doomsday virus has finally delivered a payload to his zombie bot network of millions of computers. And how devastating an attack it is! Except not really. The new Conficker payload is fairly mundane, and certainly not worth the hype that was given to it.

Conficker has turned its zombie network into a giant spam network. The worm tries to get users to pay $49.95 for non-existent virus and malware removal tools. It is a very common use for viruses and worms. Conficker also downloads another worm that steals passwords and sends more spam through email accounts.

So, now that cyber doomsday has come and gone, all we have is a very sophisticated, top-notch spam bot network. Because sometimes, there's just not enough spam on the internet...

Wednesday, April 1, 2009

conficker.c - Did it kill the internet?

Nobody panic! If you are reading this post, then rest assured that conficker.c did NOT kill or destroy the internet.



Indeed, I am typing this post on a still working internet, so clearly conficker.c didn't do what it was supposed to. Right?

Wrong. The conficker worm did exactly what it was supposed to do today. On April 1, 2009, conficker came "online" and called home very ET-like. The master computer, however, didn't have any commands for conficker worms out there except to stay put until they receive further instructions. The moral of the story? conficker may not have done anything noticeable today (although it did increase the random URLs from 250 to 50000 as we said it would), but it is all set up to do something at some point in the future. So if you have conficker Strain C, it would most definitely behoove you to get rid of it as soon as possible. If you want to check to see if you have conficker, simply go to Microsoft's website and try to update your computer. Conficker's a nasty little bugger and will block you from updating your computer, so if you have trouble updating, use the conficker removal tool.

So I hope you're all glad to know that you're still safe from conficker for another day. You don't have to worry about a multimillion zombie-computer assault tonight, and probably not tomorrow either. After that, though, it's anyone's guess...

Tuesday, March 31, 2009

April Fools Day Virus - AKA conficker.c

Many of you have probably heard about the virus conficker.c that is set to go online April 1, 2009. But for those of you who haven't heard about it, fear not! Because I'm going to explain it now anyways.

The first point I would like to make is that conficker technically isn't a virus. Most people confuse viruses with just about every other type of malware known to machine and man, so I'm going to call it a virus for the sake of my sanity. In reality, however, conficker is what is called a worm, meaning that it is self replicating. Once you have the conficker worm it can reproduce itself and use your computer to send itself to other computers and systems. A virus, on the other hand, requires a "host", usually a program that you execute allowing the virus to infest your computer. The virus then remains in the host unless some physical medium is used on the computer, infected, and then used in another computer (USB drives, floppy disks, etc).

So what exactly is conficker? Well, the conficker virus/worm comes in 3 different versions (Strains). Strain A basically created 250 random websites per day, allowing for the "zombie" computers (computers that can be controlled and accessed by a "master" computer that the original virus's author has access to). This strain was patched in most cases, and so isn't a huge problem. The end goal was simply to sell bogus software to unwitting users. The second strain released, conficker.b, was similar, but infected millions more computers. The major innovation in conficker.c is that instead of generating 250 URLs per day, it will generate upwards of 50,000.
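As an added example (not part of the original post), here is one way a network defender could spot a machine working through a daily list of generated domains in DNS resolver logs. The log format, thresholds, IP addresses and domain names are constructed for illustration, and the check assumes most generated names are unregistered and so fail to resolve.

```python
from collections import defaultdict

# Constructed sample resolver log lines: date, client IP, queried name, response code.
# Names under .example/.test are placeholders, not real Conficker domains.
SAMPLE_LOG = [
    "2009-04-01 10.0.0.5 www.example.com NOERROR",
    "2009-04-01 10.0.0.5 mail.example.com NOERROR",
] + ["2009-04-01 10.0.0.5 typo-printer.example NXDOMAIN"] * 10 + [
    f"2009-04-01 10.0.0.7 {name}.test NXDOMAIN"
    for name in ("qhxkzlw", "bvtrpmd", "zjwqyfa", "kdmxhce", "wpgnuvo", "ytrlbsk")
] + ["2009-04-01 10.0.0.7 www.example.com NOERROR"]


def parse(line):
    """Split one log line; return None for malformed lines instead of raising."""
    parts = line.split()
    if len(parts) != 4:
        return None
    day, client, name, rcode = parts
    return day, client, name.lower().rstrip("."), rcode.upper()


def suspicious_hosts(lines, min_failed_names=5, min_fail_ratio=0.5):
    """Flag (day, client) pairs that look up many *distinct* names that do not exist.

    A machine trying a daily list of generated domains produces many different
    failed names; a misconfigured client retrying one bad name does not.
    """
    failed = defaultdict(set)   # (day, client) -> distinct NXDOMAIN names
    seen = defaultdict(set)     # (day, client) -> all distinct names queried
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        day, client, name, rcode = rec
        seen[(day, client)].add(name)
        if rcode == "NXDOMAIN":
            failed[(day, client)].add(name)
    hits = []
    for key, names in failed.items():
        ratio = len(names) / len(seen[key])
        if len(names) >= min_failed_names and ratio >= min_fail_ratio:
            hits.append((key[0], key[1], len(names), round(ratio, 2)))
    return sorted(hits)


if __name__ == "__main__":
    for day, client, count, ratio in suspicious_hosts(SAMPLE_LOG):
        print(f"{day} {client}: {count} distinct failed names ({ratio:.0%} of names)")
```

Counting distinct failed names rather than failed queries keeps the client that retries one mistyped name ten times out of the results.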

Strain C could be simply another bogus advertising deal, trying to trick users into giving up important credit card information. Other theories exist as to what it may do, however. When Strain C becomes active, the conficker virus will be able to bypass many security programs and infect the rest of the computers on the same local network as an infected computer. It also has the ability to build a tunnel that will allow it to find and infect computers via the internet, allowing it to spread rapidly. It could then be used by criminals to gain access to the private data contained on the millions of infected computers (an estimated 6-10 million computers are currently infected). It would be the largest zombie network ever created by a single entity. The zombie network could also be used to mount a DoS attack against any number of servers.

Conficker is already prevalent in the computer world. Like I said before, an estimated 10 million computers are infected already, including the British Parliament, the French navy, and other government bodies.

We really have no idea what conficker will do, aside from "dial home" to its maker tomorrow. The end goal of the worm is still unknown. What it will do is anyone's guess. My suggestion, however, is that if you are running a Windows machine, you may want to check to make sure you have updated your antivirus software, as conficker, among the other things it does that we know about, blocks updates and installations (of antivirus software) that may be harmful to it.