Is Conficker overhyped?

Reports of the Conficker worm are being vastly exaggerated and it will not have as big an impact as is being predicted.
Press coverage has overhyped the issue of Conficker, and although it is dangerous, the security community has known about this worm since the first variant, claimed Rick Howard, director of security intelligence at iDefense.
“The mitigation recommendations are the same for this fourth variant as they were for the first,” Howard said. “Variants of the Conficker worm have been spreading since November of last year and the worm has infected millions of systems, but does not yet have a clear purpose.”
The attacker recently released a major update to Conficker, known as Conficker.C. This variant contains two major new features. First, the domain generation algorithm now creates 50,000 random domains, and attempts to contact 500 of them each day. It is completely impractical for the ‘Conficker Cabal’, a group of security researchers, to lock down all 50,000 domains generated each day.
“The attacker will not register all of these domains, but will have a much better chance of successfully registering at least one that infected nodes will contact. Given that Conficker.C nodes will only contact 500 of the domains each day, it is likely that they will not reach the Command and Control (C&C) server on the first day. It will likely be days or weeks before all nodes can be properly updated to the latest version.”
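To make the 50,000-domain / 500-contact arithmetic concrete from the sinkholing side, here is an added Python model (not from the article or iDefense) that computes the chance a node reaches at least one pre-registered domain on a given day, and how many days pass before a given share of nodes has done so. It assumes nodes pick their 500 domains uniformly at random and that each day's list is independent; both are modelling assumptions.

```python
"""Sinkholing model for the Conficker.C domain lottery (added example).

Per the article, the DGA yields 50,000 domains per day and a node tries 500.
If defenders pre-register k of them, a node's 500 draws are a sample without
replacement, so P(at least one hit) is hypergeometric.
"""
from math import comb

DOMAINS_PER_DAY = 50_000    # domains generated per day (from the article)
CONTACTED_PER_DAY = 500     # domains a node tries per day (from the article)


def daily_hit_probability(registered, domains=DOMAINS_PER_DAY,
                          contacted=CONTACTED_PER_DAY):
    """P(a node reaches at least one of `registered` domains on one day)."""
    if registered <= 0:
        return 0.0
    if registered > domains:
        raise ValueError("cannot register more domains than are generated")
    # Complement event: every one of the `contacted` draws misses.
    miss = comb(domains - registered, contacted) / comb(domains, contacted)
    return 1.0 - miss


def cumulative_hit_probability(registered, days):
    """P(a node has hit at least once within `days` days).
    Assumes each day's domain list is independent (modelling assumption)."""
    return 1.0 - (1.0 - daily_hit_probability(registered)) ** days


def days_to_reach(fraction, registered):
    """Smallest number of days after which >= `fraction` of nodes have hit."""
    if not 0.0 < fraction < 1.0:
        raise ValueError("fraction must be strictly between 0 and 1")
    miss_per_day = 1.0 - daily_hit_probability(registered)
    if miss_per_day >= 1.0:
        raise ValueError("nothing registered: nodes never hit")
    days = 0
    while miss_per_day ** days > 1.0 - fraction:
        days += 1
    return days


if __name__ == "__main__":
    for k in (1, 10, 100):
        print(f"{k:>3} registered: {daily_hit_probability(k):.3f}/day, "
              f"90% of nodes reached within {days_to_reach(0.9, k)} days")
```

With a single registered domain each node has a 1% chance per day, and reaching 90% of nodes takes about 230 days; registering 100 domains brings that down to three days, which is why the article expects the update to take days or weeks rather than happening all at once.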
Howard said the additions to the code include peer-to-peer (P2P) file sharing and a change to the domain-name generation algorithm; together, these new functions will spread the worm further and make it harder to track.
“The code has evolved and new functionalities have been added that makes it harder to block, but the reason everyone is concerned is because they don't know what it will do. The attacker probably limited the total domains to contact to avoid generating too much traffic, which could bring attention to the infected computer by security administrators.
“The combination of these two update mechanisms will help solidify the attacker's control over the Conficker network, which the cabal has partially wrestled away. What the attacker does with the network after making updates is unclear. What is clear is that the threat of Conficker is nothing new, and the precautions responsible users and organizations have already deployed will protect them from the latest Conficker.C, despite the updates that will go live on April Fool's Day,” said Howard.
