Conficker Hype And Debate Build As April Fool's Day Nears
30 Mars 2009 - 4:15PM
Dow Jones News
Security experts have sounded the alarm - and many others are
just as loudly trying to quell the furor - over fears the Conficker
computer worm could trigger Internet havoc on April 1.
Some security researchers have warned that Conficker could
unleash the equivalent of a "digital Pearl Harbor," while others
have suggested it could be world's biggest April Fool's joke. No
one knows for sure what will happen on Wednesday when as many as 10
million computers infected by Conficker start "phoning home" for
new instructions from the worm's creators.
Multiple versions of the worm, which first appeared late last
year, have spread in a variety of ways and take advantage of
several weaknesses in Microsoft Corp.'s (MSFT) Windows operating
system. The software giant fixed those weaknesses in October, but
many people didn't download the patch or they run bootleg copies of
Windows that don't get the updates.
Once Conficker infiltrates a machine, it tries to crack
administrators' passwords, hijack security software, disable
commercial antivirus software, and opens the PCs to further
infections. Internet security experts were so struck by the
authors' skills that they formed the "Conficker Cabal" to fight
back against the worm.
Their challenge is apt to get a whole lot bigger on Wednesday
when Conficker is set to generate 50,000 new Internet domain names,
any of which could be used to take control of the millions of
infected PCs. The vast number of potential control centers will
make it extremely difficult to preemptively cut off communication
between the infected computers and Conficker's authors.
Some researchers - and many media outlets, including CBS' "60
Minutes" - have speculated that the worm's authors could then
trigger the program to send spam, spread more infections, or start
an all-out attack on Web sites run by major Internet companies such
as Google Inc. (GOOG), Yahoo Inc. (YHOO) or Amazon.com Inc.
(AMZN)
But others who have been following the worm say the date will
probably come and go without event. Luis Corron, a director at
Panda Security, played down the threat Friday in a blog post
entitled "Don't get taken in by the Conficker Panic."
Corron noted that criminals and hackers typically unleash
Internet worms to surreptitiously build huge networks of "zombie"
computers that can then be harnessed to send spam, or increasingly
to steal vast amounts of personal and financial data available
online. That would augur against at crippling Internet attack.
Rick Howard, intelligence director at Verisign Inc.'s (VRSN)
iDefense Labs, said researchers scouring the Internet have
discovered copies of the updated worm lying in wait to be activated
on April 1. He said that while those copies point to a more
sophisticated version of the worm, they don't contain a payload
that would launch an attack on Wednesday.
"It's unclear what it's for right now," he said of Conficker.
"It could be used for lots of things, but there's not going to be a
catastrophe on April 1."
-By Scott Morrison, Dow Jones Newswires; 415-765-6118;
scott.morrison@dowjones.com