Conficker

[BigBear]

Just thought I would share a recent article on Conficker from the Atlantic

Interested in your opinions on it

[SNIPERDUDE]

Holy crap.

[jcollins1991]

Spent a few hours reading about worms (mainly Conficker) last week... As awful as it is, it seems really interesting (not so much the exploitation of Microsoft flaws, stuff like the generation of random domain names to update itself, more theory like stuff XD)... But also think that it seemed sorta fail how it needed so many updates to fix itself and to make itself better (I think there were 5 versions?), whoever made it should have made it properly the first time around...

[USEC_OFFICER]

How can you make a perfect worm to hack computer with people behind those computers? People. People who can do some crazy stuff. People who can react in ways you can even think of. People.

[Insectoid]

jcollins1991 @ Wed May 26, 2010 8:23 pm wrote:

Spent a few hours reading about worms (mainly Conficker) last week... As awful as it is, it seems really interesting (not so much the exploitation of Microsoft flaws, stuff like the generation of random domain names to update itself, more theory like stuff XD)... But also think that it seemed sorta fail how it needed so many updates to fix itself and to make itself better (I think there were 5 versions?), whoever made it should have made it properly the first time around...

It updates for the same reason everything else has updates (everything worth getting). It's very hard to make a perfect program. Perhaps the creators wanted to add functionality, security (Irony?) and other stuff they missed before. It's very hard to produce a perfect...product? the first time (and even after 5 updates it's still likely to have exploitable flaws).

[andrew.]

I wonder if at a certain date, all the Conficker-infected computers will do something all at once because so far the worm hasn't really done anything besides a small attack. I think that the creators are either trying to make a point that they can do it and this is what is does, or they are waiting for the perfect time for them to launch a huge attack.

[SNIPERDUDE]

Or it could be in auction. The trivial attack before may have been just proof to those who are willing to buy the power Conficker holds.
Either way, seeing how powerful the virus is we should be quite vigilant with such matters.

[BigBear]

It very well could be used at anytime, but I think the size of the botnet is decreasing and if they wanted to do something they would have done it when it was the largest.

[Unnamed.t]

Wow this sounds amazing in a bad way .....

For some reason I don't think Conficker is actually ever going to deploy an attack to actually do something. I know this sounds weird but actually think about it. I've had soo many viruses in my computer that doesn't really serve any purpose, it just annoys you; A LOT. As far as we all know, Conficker can just be one of those things that just annoy people drastically. And if you ask me, with all those people trying to decrypt it, all that work, (probably worth millions of dollars) it is succeeding in annoying people.

[chrisbrown]

Unnamed.t @ Thu May 27, 2010 5:05 pm wrote:

I've had soo many viruses in my computer that doesn't really serve any purpose, it just annoys you; A LOT.

They may not serve any purpose to you, but who's to say they aren't recording your actions, waiting for you to enter a credit card number or password? Few people would waste their time writing a program who's sole purpose is to be an annoyance. That annoyance is usually a sign that something malicious is going on behind the scenes.

Given the sophistication of Conficker, it's hard to say whether it's just an excercies, or of it's discreetly doing something malicious. However, I would not be suprised to learn that this and this are related.

[USEC_OFFICER]

Neither would I. But Conflicker seems too sophisticated for stealing facebook accounts. Credit card numbers? Maybe.

[BigBear]

Why would someone buy a facebook account?

Maybe for Farmville currency or something, that's all I can think off.

[USEC_OFFICER]

*Ahem* To control their profile? To find emails to spam? Stealing personal information? There is quite a lot you can do with Facebook accounts.

[ProgrammingFun]

Confiker could have been developed as a colaboration between antivirus companies to promote their products (after all, that is how viruses started out).

Or, someone really wanted to make fun of our current level of security (the aliens are attacking!!! ).

What if Confiker was developed for the purpose of monitoring computer activity around the world for good or for bad? (Good: some online security agency; Bad: [Insert worst case scenario here])

[Dan]

I am not sure what is with all the speculation going on in this topic. It is well understood what Conficker does and how it works.

The last variant installed scareware and a spambot as it's payload. It's is speculated that the worm orginated in the Ukraine (some variants did not infect Ukrainian IP addresses or with Ukrainian keyboard layouts) and the scareware and spambot payloads are download form a Ukrainian host.

The Wikipedia page has a lot of useful information on the worm with out getting to much into the details of it's inner works: http://en.wikipedia.org/wiki/Conficker . There are also some great analysiss linked to in the references such as the SRI International Technical Report on Conficker C: http://mtc.sri.com/Conficker/