Conficker C Virus, AKA Anti-Virus 2009: April 1st update

Read my original article on Conficker B and its mutations.

Let's begin with this quote from the NY Times…

A McAfee spokesperson told us that “McAfee researchers are monitoring for any signs of a Conficker outbreak” while warning that users should not assume a false sense of security: “Security is not a joke. In 2008, McAfee saw the largest number of malware – over 2 million malicious programs which equals nearly 5,500 pieces of malware per day.”

Journalists should stop quoting sources like McAfee, who invariably use the opportunity to spread fear and uncertainty to increase sales of their ineffective products.

If they are going to quote someone from an anti-malware company for an article like this, they should pick personnel more knowledgeable than a spokesperson.

There was excessive Y2K-style media hype around an April Fools' activation of the botnet controlled through Conficker, but what would be the monetary gain in activating the virus on April 1st with the whole world watching? Botnets are made up of infected computers, created and controlled by viruses like Conficker, and these days they are used for one purpose: money. For example, a botnet can be used to threaten a gambling website with a denial-of-service (DoS) attack against its servers on the day of the Indy 500 unless a large sum of money is paid. The old protection racket.

Now that the Conficker authors have the world listening, they could theoretically make some sort of massive global threat in exchange for, say, one... million... dollars. This is very unlikely, because every security expert (and their mom's infected hard drive) wants to catch these guys. Most likely the authors of Conficker will continue to lie low and collect their checks from the various versions of the virus and from their "affiliates", whose business it is to stuff the virus inside torrents, emails and website pop-ups to infect as many computers as possible for a cut of the profit. The BBC stated that there were no reports of "unusual PC behavior" emerging from Asia, where a great many of the 15 million Conficker-infected machines are located, confirming that the April 1st hype was hot air.

The alliance of security researchers, registries and the Internet Corporation for Assigned Names and Numbers (ICANN) that is tracking the many changes to the virus calls itself the Conficker Cabal; the criminal organization behind Conficker, by contrast, appears to be only a loosely pyramidal structure. It is easy to keep changing a virus so that it goes undetected, often by changing a single byte (a 1 to a 0) or making other slight alterations. Any such change alters the byte pattern that most anti-virus programs hold in their signature database, so they no longer match the file and cannot flag it as a virus.
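As an added illustration, not part of the original post, here is a toy comparison of a whole-file hash signature against a byte-pattern signature with a one-byte wildcard, run over a constructed stand-in for an infected file rather than any real Conficker sample. Flipping one byte breaks the hash match every time; the pattern survives edits outside the bytes it pins down, but an author who changes the right byte still walks past it.

```python
import hashlib
import re

# Constructed stand-in for an infected binary; not a real sample.
ORIGINAL = (b"MZ\x90\x00" + b"\x00" * 12
            + b"CONFICKER_DECOY_PAYLOAD_V1"
            + b"\x90" * 8)


def hash_signature(sample: bytes) -> str:
    """The crudest AV signature: a hash of the whole file."""
    return hashlib.sha256(sample).hexdigest()


# A byte-pattern signature in the spirit of a YARA hex string. The trailing
# '.' is a one-byte wildcard, so the version byte may take any value.
PATTERN = re.compile(rb"DECOY_PAYLOAD_V.", re.DOTALL)


def pattern_matches(sample: bytes) -> bool:
    return PATTERN.search(sample) is not None


def flip_one_byte(sample: bytes, offset: int) -> bytes:
    """Copy of `sample` with the lowest bit of one byte flipped."""
    out = bytearray(sample)
    out[offset] ^= 0x01
    return bytes(out)


def detect(sample: bytes, known_hashes: set) -> dict:
    """Run both signature styles and report which one fires."""
    return {"hash": hash_signature(sample) in known_hashes,
            "pattern": pattern_matches(sample)}


KNOWN_HASHES = {hash_signature(ORIGINAL)}

# Three single-byte edits of the same file:
VARIANT_PADDING = flip_one_byte(ORIGINAL, len(ORIGINAL) - 1)           # last NOP, 0x90 -> 0x91
VARIANT_VERSION = flip_one_byte(ORIGINAL, ORIGINAL.index(b"V1") + 1)   # the literal '1' -> '0'
VARIANT_MARKER = flip_one_byte(ORIGINAL, ORIGINAL.index(b"DECOY"))     # 'D' -> 'E' inside the pattern

if __name__ == "__main__":
    for label, blob in [("original", ORIGINAL), ("padding edit", VARIANT_PADDING),
                        ("version edit", VARIANT_VERSION), ("marker edit", VARIANT_MARKER)]:
        print(f"{label:13s} {detect(blob, KNOWN_HASHES)}")
```

The padding and version edits defeat the hash but not the pattern; the marker edit defeats both, which is the one-byte change the paragraph describes. Real engines layer heuristics and emulation on top for exactly this reason.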

The Conficker worm had already been through several versions when the alliance of computer security experts seized control of the 250 Internet domain names a day that the worm was planning to use to fetch instructions for millions of infected computers.

Shortly thereafter, in the first week of March, the fourth known version of the program, Conficker C, expanded the number of candidate sites to 50,000 a day. That step made it virtually impossible for defenders to pre-register every domain, and so to stop the Conficker authors from communicating with their botnet.
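To see why 50,000 domains a day changes the defenders' job, here is an added example that is not the worm's real algorithm (the post does not cover those details): a toy date-seeded domain generation algorithm, plus the arithmetic of how many domains a botmaster must register versus how many the defenders must, for a bot that tries only a random slice of the day's list. The TLD list and the name lengths are assumptions for illustration; the 500-of-50,000 sample per bot matches what published analyses report for Conficker C.

```python
import hashlib
import random

# Assumed for illustration; the real worm's TLD list and name generation differ.
TLDS = ["com", "net", "org", "info", "biz"]


def generate_domains(day: str, count: int) -> list:
    """Deterministic, date-seeded candidate list. Anyone who knows the
    algorithm and the date (attacker or defender) can reproduce it in advance."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{day}:{i}".encode()).digest()
        length = 8 + digest[0] % 5                       # 8 to 12 letters
        name = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        domains.append(f"{name}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def bot_contact_list(day: str, count: int, sample: int, bot_id: int) -> list:
    """A bot does not query all `count` domains; it picks `sample` of them at
    random, so each bot sees a different slice of the day's list."""
    rng = random.Random(hashlib.sha256(f"{day}:{bot_id}".encode()).digest())
    return rng.sample(generate_domains(day, count), sample)


def defender_registrations(days: int, count: int) -> int:
    """To sinkhole everything, defenders must hold every candidate, every day."""
    return days * count


def botmaster_reach(count: int, sample: int, registered: int) -> float:
    """Probability that one bot, querying `sample` of `count` domains, hits at
    least one of the `registered` domains the botmaster actually bought."""
    miss = 1.0
    for i in range(sample):
        miss *= (count - registered - i) / (count - i)
    return 1.0 - miss


if __name__ == "__main__":
    print(generate_domains("2009-04-01", 3))
    print("defenders, one week of A/B:", defender_registrations(7, 250))
    print("defenders, one week of C:  ", defender_registrations(7, 50000))
    print("A/B bot, 1 domain bought:  ", botmaster_reach(250, 250, 1))
    print("C bot, 1 domain bought:    ", round(botmaster_reach(50000, 500, 1), 4))
```

With 250 domains and bots trying all of them, one registered domain reaches every bot, and holding all 250 blocks the botmaster completely; with 50,000 candidates and 500 tries per bot, a single registered domain still reaches about one percent of the botnet each day, while the defenders must hold 350,000 names a week to shut the channel.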

The latest major variant, Conficker C, constitutes a major rewrite of the software. Not only is it far more difficult to disable with anti-virus software or registry edits, but the authors have also taken Microsoft's security-update machinery into account: the worm turns off Windows Automatic Updates and blocks infected machines from reaching Microsoft's and the anti-virus vendors' update sites, so the fixes released for the worm never arrive.

The Conficker authors were using some of the most advanced techniques in computer security, researchers said: an early version of the program already contained a new hash function, MD6, developed by the M.I.T. computer scientist Ron Rivest and made public only weeks before. And when Dr. Rivest's group issued a revision to correct a flaw, a buffer overflow in the MD6 reference implementation, the Conficker authors revised their program to include the correction.

One of the largest botnets tracked last year consisted of 1.5 million infected computers that were being used to automate the breaking of "captchas". Many different individuals control their own botnets, and the group behind Conficker is itself only loosely centralized; other activities of the virus include identity theft, extortion and using the infected computers to send spam.

On a semi-related note, here's a conversation I overheard in my Management of Info and Network Security class today:

Student 1: Oh, professor…did you hear ’bout that uh, that virus-trojan thing?

Professor: Oh, you mean the compt..uh, er, corn…compfiker thing?

Student 1: Yeah, cuz I heard it like, crashed Microsoft or somethin’!?!

Professor: Oh, no. That part was probably just an April fools joke. Windows comes with a firewall to prevent stuff like that from happening.

Student 2: (In a thick accent) Do you know where I am to be getting download patch, to fix the crack of that?

Professor: Oh, just watch The CNNs. They put out one of them hyper texts this morning.

All things considered, it was a semi-good discussion compared to some other gems that I've heard in this class.

Professor: “I think it’s a good idea to give up freedoms for security. After all those…things, I’d rather just sleep in the airport overnight so I can get checked in line early the next day to get that TSA stuff out of the way. I feel safer knowin’ that it stops the wrong kinds of people from gettin’ in the air.” (I’ve assumed that this is his position because he’s a retired cop, but some of the things he says just seem blatantly ignorant. I won’t go into a lot of them, as they require too much context to be fully understood.)

“You don’t have to really know anything about how hardware [and software] works to know how to make policies and regulations on how the ‘geeks’ should be using it.”

“People don’t really use flow charts anymore.”

“You don’t have to worry about viruses gettin’ into your system, as long as you have some anti-virus software.” (Doesn’t seem too bad, except for the fact that he would refer exclusively to Norton and McAfee.)

I’ve mentioned Linux, open source and TrueCrypt, only to have them met with blank stares.

Needless to say, I get a lot of other work done in that class.

No, I am not fucking with you, and yes, this is (supposed to be) a college-level class I’m referring to.

