Communications of the ACM
Experts See Early Activity From the Conficker Worm
An informal group of computer security experts said they have observed early attempts by the Conficker virus to communicate with a control server, but they are unsure if the attempts were successful. The Conficker malware, which has aggressively spread since October, is designed to unite infected machines into a botnet. Security researchers who have examined the most recent version of the malware, Conficker C, said it was ready to try to download commands from an unknown Internet location on April 1. Although the choice of April Fool's Day has led some experts to speculate that the program may be a hoax, others warn that Conficker, which has infected at least 12 million computers, could cause serious harm.
Nevertheless, security specialists agree that it will most likely take several days before the purpose of the program can be determined. The program was intended to start contacting 50,000 Internet domains on April 1st. In a global effort, researchers created a system that will trap all of the attempted botnet communications, which involves monitoring the domains of 110 countries.
A spokesperson for the Conficker Cabal, a security working group organized by computer security companies, says as of March 31st the group has no new information on the activity of Conficker. IBM says company researcher Mark Yason has decoded Conficker's internal communication protocol, which will make it easier for security teams to detect and interrupt the program's activities.
From The New York Times
View Full Article
No entries found