April 1 has come and gone, and the Internet has not disintegrated and no major cyber-attacks were reported. But Conficker still remains a threat. Now don't panic, this doesn't mean cyber-Armageddon could strike at any minute, it just means you need to make sure your computer is fully updated if it isn't already. Feel better? Good, then let's take a look at what's going on.
Why It Ain't Over Yet
The Conficker Working Group -- which is made up of 27 tech companies and agencies including AOL, F-Secure, Facebook, ICANN, Kaspersky, McAffee, Microsoft, Symantec -- says that Conficker, also known as Downup, Downadup, and Kido, is the largest worldwide computer infection since the SQL Slammer in 2003. The CWG estimates anywhere from 3 to 15 million computers are infected worldwide, and says 30 percent of Windows computers across the globe are not updated with the latest patches to protect against Conficker. The virus authors are also still at large and able to communicate with Conficker, although that capability has been significantly reduced.
Problem Spots
As you can see from this map provided by the CWG, Conficker infections in the United States are happening pretty much everywhere you can find an Internet connection. However, despite all that ominous-looking red, only 6 percent of Conficker infections are in North America. The biggest problem areas are actually concentrated in Asia and South America including Vietnam, Brazil, the Philippines, and Indonesia, as well as Algeria.
The hardest hit areas may also have a correlation to the number of unpatched Windows computers since Asia, Eastern Europe, and South America are areas known to have widespread use of pirated Windows software. Since Microsoft automatically blocks illegitimate copies of Windows from receiving critical updates, those computers remain vulnerable to Conficker, thus perpetuating the risk.
What Conficker is Doing
Yesterday, Conficker began its daily exercise of contacting 500 Web sites from a randomly generated list of 50,000 sites. Conficker will continue to do this every day until it receives instructions to do something else. Further instructions could be a simple software update or the infected computers could work as a botnet to commit theft or attack other computer networks. The problem is that while security and IT professionals are working to block Conficker from getting further instructions, they haven't been able to block all Conficker traffic. So some infected machines have gotten through, but luckily further instructions haven't been issued, yet. Conficker's authors may be laying low until publicity surrounding Conficker dies down before contacting their creation.
If Conficker is updated or receives further instructions, that capability could pass between infected machines without further need of a server or Web site, because Conficker uses a peer-to-peer (p2p) protocol to communicate with other infected machines. That's right, Conficker is file-sharing. With p2p, the worm can distribute software updates much faster than if every infected machine had to communicate with a main server.
The Final Countdown?
Does this mean the world could still end? Probably not, and that was never the concern with Conficker despite the doomsday scenarios you may have read. The fact is that most security experts believe that Conficker is just a typical botnet worm that can be used for identity theft or to commit other forms of cybercrime. Conficker is most likely controlled by an organized crime syndicate in Asia, Eastern Europe, or South America, and the group may even rent out Conficker's capabilities if the botnet every becomes active.
Conficker is a threat only if your computer does not have the latest security patches from Microsoft and an up-to-date antivirus program.
Friday, April 3, 2009
CONFICKER WORM UPDATE - THREAT STILL LOOMS
Subscribe to:
Post Comments (Atom)
6 comments:
Hello...Thank you so much for this information.
I am more than thankful for all if you guys that are technically inclined and that share with us this very vital info.
bloggers do not realize how lucky they are to have so much information ... FREE ...at their fingertips.
I for one totally appreciate all of you guys!
Big huggzz ~D~
Thank you so much for this very concise and informative post about conficker. In a way, after reading this post, I felt more confident that such worm will hopefully not find it's way into my PC as I have both Vista and my Anti-Virus fully updated. Good thing I decided to go legit, lol.
Good one, friend
Thank you so much for this very concise and informative post about conficker. In a way, after reading this post, I felt more confident that such worm will hopefully not find it's way into my PC as I have both Vista and my Anti-Virus fully updated. Good thing I decided to go legit, lol.
Good one, friend
a potentially good thing that has resulted from the Conficker scare is an overall heightened awareness of PC security
What you're saying is completely true. I know that everybody must say the same thing, but I just think that you put it in a way that everyone can understand. I'm sure you'll reach so many people with what you've got to say.
I don't know how should I give you thanks! I am totally stunned by your article. You saved my time. Thanks a million for sharing this article.
Post a Comment