Re: How the Conficker Problem Just Got Much Worse

[David Farber <dave () farber net>]

 some of my friend in  Pittsburgh have commented that the system is a  
very sophisticated and is very professional in its structure

Dave
Begin forwarded message:

From: dewayne () warpspeed com (Dewayne Hendricks)
Date: April 4, 2009 11:39:17 AM EDT
To: Dewayne-Net Technology List <xyzzy () warpspeed com>
Subject: [Dewayne-Net] How the Conficker Problem Just Got Much Worse

How the Conficker Problem Just Got Much Worse
By John Mahoney, 1:00 PM on Fri Apr 3 2009
<http://i.gizmodo.com/5197148/how-the-conficker-problem-just-got-much-worse 
>
On the surface, April 1 came and went without a peep from the dreaded  
Conficker megaworm. But securityexperts see a frightening reality, one  
where Conficker is now more powerful and more dangerous than ever.

In the first minute of April 1, Conficker did exactly what everyone  
knew it was going to do: It successfully phoned home for an update.  
And while it was fun to imagine what nasty payload that update may  
have included (it was fun, wasn't it?), the result was not outwardly  
catastrophic; rather than a blueprint for world domination, the update  
contained instructions on how to dig in even deeper.

"The worm did exactly what everyone thought it was going to do, which  
is update itself," security expert Dan Kaminsky, who helped develop a  
widely-used Conficker scanner in the days leading up to April 1, told  
us. "The world wants there to be fireworks, or some Ebola-class,  
computers-exploding-all-over-the-world event or God knows what, but  
the reality is...the Conficker developers have cemented their ability  
to push updates through any fences the good guys have managed to build  
in February and March."

And here's why that is deeply, deeply scary. As we explained,  
Conficker has built a zombie botnet infrastructure by registering  
hundreds of spam DNS names (askcw.com.ru, and the like), which it then  
links up and uses as nodes for infected machines to contact for  
instructions. In its earlier forms, Conficker attempted to register  
250 such DNS names per day. But with the third version of the  
software, the Conficker.c variant which has been floating around for  
the last month or so, the number of spam DNS takeovers was boosted to  
50,000per day—a number security pros can no longer keep up with.

What the April 1 update did was simple: It provided instructions for  
linking up with the thousands, perhaps tens of thousands of new nodes  
registered by Conficker.c over the last few weeks, effectively growing  
the size of the p2p botnet to a point where it can not be stopped.

"It's not about ownage, it's about continued ownage," says Kaminsky,  
citing a favorite quotation of one of his hacker buddies. "It's not  
about how you get into the network, it's about, 'How do you be [there]  
a year from now?'" And the answer is: "You do a lot of the things the  
Conficker developers are doing."

[snip]RSS Feed: <http://www.warpspeed.com/wordpress>




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com