Is Conficker overhyped?

Reports of the Conficker worm are being vastly exaggerated and it will not have as big an impact as is being predicted.
 
Press coverage has overhyped the issue of Conficker, and although it is dangerous, the security community has known about this worm since the first variant, claimed Rick Howard, director of security intelligence at iDefense.
 
“The mitigation recommendations are the same for this fourth variant as they were for the first,” Howard said. “Variants of the Conficker worm have been spreading since November of last year and the worm has infected millions of systems, but does not yet have a clear purpose.”
 
The attacker recently released a major update to Conficker, known as Conficker.C. This variant contains two major new features. First, the domain generation algorithm now creates 50,000 random domains, and each infected node attempts to contact 500 of them each day. It is completely impractical for the ‘Conficker Cabal,’ a group of security researchers, to lock down all 50,000 domains generated each day.
 
“The attacker will not register all of these domains, but will have a much better chance of successfully registering at least one that infected nodes will contact. Given that Conficker.C nodes will only contact 500 of the domains each day, it is likely that they will not reach the Command and Control (C&C) server on the first day. It will likely be days or weeks before all nodes can be properly updated to the latest version.”
 
Howard said the additions to the code, a P2P file-sharing capability and a changed domain-generation algorithm, will spread the worm further and make it harder to track.
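The numbers above (50,000 candidate domains per day, 500 tried per node) are enough to work through Howard's reasoning about why the cabal cannot block the update channel and why the attacker's own updates still take days or weeks to propagate. The following is an added example, not code from the article or from iDefense: it computes, for an attacker who registers only a handful of the day's domains, the chance that a single node hits one of them, the expected wait until first contact, and the share of the infected population reached after a given number of days. The same function, read from the defender's side, tells a sinkhole operator how many nodes will touch the domains they managed to register. The independence-across-days assumption and the geometric model are simplifications introduced here.

```python
from fractions import Fraction
from math import comb

# Figures quoted in the article for Conficker.C: 50,000 candidate domains
# generated per day, of which each infected node contacts 500.
GENERATED_PER_DAY = 50_000
CONTACTED_PER_DAY = 500


def reach_probability(generated: int, contacted: int, registered: int) -> float:
    """Probability that one node's daily sample of `contacted` domains (drawn
    without replacement from the `generated` candidates) includes at least one
    of the `registered` domains a party actually controls.

    Hypergeometric: 1 - C(generated - registered, contacted) / C(generated, contacted).
    Read with `registered` = attacker-owned domains it gives the chance a node
    finds live C&C; read with `registered` = sinkholed domains it gives the
    chance a node shows up in the sinkhole's logs that day.
    """
    if registered <= 0:
        return 0.0
    if registered > generated - contacted:
        # Too few unregistered domains left for a node to miss every one.
        return 1.0
    miss = Fraction(comb(generated - registered, contacted), comb(generated, contacted))
    return float(1 - miss)


def expected_days_to_first_contact(p_daily: float) -> float:
    """Mean days until a node first reaches a controlled domain, treating each
    day's draw as independent (geometric distribution; a modelling assumption)."""
    return 1.0 / p_daily


def fraction_reached_after(p_daily: float, days: int) -> float:
    """Share of infected nodes expected to have made contact at least once
    within `days` days, under the same independence assumption."""
    return 1.0 - (1.0 - p_daily) ** days


def coverage_table(registered_counts=(1, 5, 10, 50, 500), horizon_days=30):
    """Summarise reach for several numbers of registered domains."""
    rows = []
    for k in registered_counts:
        p = reach_probability(GENERATED_PER_DAY, CONTACTED_PER_DAY, k)
        rows.append((k, p, expected_days_to_first_contact(p),
                     fraction_reached_after(p, horizon_days)))
    return rows


if __name__ == "__main__":
    print(f"{'registered':>10} {'P(hit/day)':>11} {'E[days]':>8} {'reached@30d':>12}")
    for k, p, days, frac in coverage_table():
        print(f"{k:>10} {p:>11.4f} {days:>8.1f} {frac:>12.3f}")
```

With a single registered domain a node has a 1% chance per day of finding it, so on average it takes 100 days and only about a quarter of the population has checked in after a month; registering ten domains cuts the expected wait to roughly ten days. Conversely, a sinkhole that holds ten of the day's domains sees under 10% of the infected population on that day, which is why sinkhole counts undercount the botnet unless they are aggregated over many days.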
 
“The code has evolved and new functionalities have been added that make it harder to block, but the reason everyone is concerned is because they don't know what it will do. The attacker probably limited the total domains to contact to avoid generating too much traffic, which could bring attention to the infected computer by security administrators.
 
“The combination of these two update mechanisms will help solidify the attacker's control over the Conficker network, which the cabal has partially wrested away. What the attacker does with the network after making updates is unclear. What is clear is that the threat of Conficker is nothing new, and the precautions responsible users and organizations have already deployed will protect them from the latest Conficker.C, despite the updates that will go live on April Fool's Day,” said Howard.
