Wednesday, April 8, 2009

Conficker Worm Is Much Ado About Nothing

The Conficker Worm is like the Paris Hilton of computer security: Famous solely for being famous. Neither has actually ever done anything of note. But, at least Paris has a sense of humor about her celebrity. Conficker just wastes people's time.
Your time and mine, for example. You're reading this because someone--not me--convinced you that Conficker matters. I am writing this because IBM has convinced me that Conficker is a wash. If it turns out differently, I'll owe the worm an apology. Paris can fend for herself.
I may host a daily call-in radio program, but I am not a conspiracy nut. Still, don't you sometimes wonder who is responsible for "threats" that develop such a high profile? I am not saying the industry that protects us against these threats might somehow be in cahoots with the people who create them. No, I am not saying that.
Conficker has once again reminded us that our systems are vulnerable and we need to invest $$$ in protection. Or has it already backfired?
Maybe Conficker will prove that what we already have works pretty well. Maybe Microsoft did a good job dealing with this threat and the anti-malware vendors likewise. Maybe Conficker will send the message that what we are doing is just fine, thank you. Spend more money to counter threats like this? Why?
Watching the news coverage as 12:01am local time on April 1 marches around the globe reminds me of the last time we did this. You remember the Y2K bug, don't you?
Back then, the world's mainframes were supposed to croak as 1999 rolled into 2000. Like today, I watched--only back then I was sitting in an emergency operations center--as countries around the globe rang in the New Year with their vital infrastructure intact.
Last time, we were saved from a very real problem by a lot of recoding, necessary to work around the time/date problem. This time, we are saved from a not very significant problem by a Microsoft patch that everyone should already have had, as well as a wide variety of tools capable of clearing Conficker from our systems.
As I write this, Conficker seems to be passing more or less harmlessly by. The clock is actually working in our favor. IBM estimated that Asia has the largest collection of Conficker-infected systems. North America has about a third as many as Asia. Europe has more than we do.
If Asia and Europe survive Conficker, we don't have much to worry about. Conficker will pass from our consciousness and I won't owe the worm an apology.
If only Paris Hilton were so easy to protect ourselves against.

Conficker's Zero Hour Arrives Without Event -- Yet

An expected activation of the Conficker.c worm at midnight on April 1 passed without incident, despite sensationalized fears that the Internet itself might be affected, but security researchers said users aren't out of the woods yet.
"These guys have no designs, I think, on taking down the infrastructure, because that would separate them from their victims," said Paul Ferguson, a threat researcher at antivirus vendor Trend Micro, calling the technology and design of Conficker.c "pretty much state of the art."
"They want to keep the infrastructure up and in place to make it much harder for good guys to counter and mitigate what they've orchestrated," he said.
The Worm Stirs
Conficker.c was programmed to establish a link from infected host computers with command-and-control servers at midnight GMT on April 1. To reach these control servers, Conficker.c generates a list of 50,000 domain names and then selects 500 domain names to contact. That process has started, researchers said.
Exactly how many computers are infected with Conficker.c is not yet known, but the estimated number of systems infected by all variants of the Conficker worm exceeds 10 million, making this one of the largest botnets ever seen.
While infected computers have started reaching out to command servers as expected, nothing untoward has happened.
"We have observed that Conficker is reaching out, but so far none of the servers they are trying to reach are serving any new malware or any new commands," said Toralv Dirro, a security strategist at McAfee Avert Labs, in Germany.
This may just mean the people who control Conficker are biding their time, waiting for researchers and IT managers to relax their guard and assume the worst is over.
"It would be pretty stupid for the guys running Conficker to use the first possible opportunity, when everybody is very excited about it and looking at it very carefully," Dirro said. "If something was going to happen, it would probably happen in a couple of days."
Detections, Inoculations Increase
Time is not on Conficker's side. The worm can be easily detected and removed by users. For example, if a PC is unable to reach Web sites such as McAfee.com, Microsoft.com, or Trendmicro.com, that is an indication that the computer may be infected.
In addition, IT managers can easily spot traffic coming from odd domain names and block access to the computers on their company networks. "The longer criminals wait, the less infected hosts they've got," Dirro said.
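The detection idea in the two paragraphs above, spotting hosts that reach out to a burst of odd domain names most of which never resolve, can be scripted against resolver logs. The following is an added example, not code from the article or from any of the vendors quoted; the log format, the sample lines and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample resolver log lines (not real captures), one query per line:
# "<ISO timestamp> <client IP> <queried name> <response code>"
SAMPLE_LOG = """\
2009-04-01T00:00:01 10.0.0.5 www.example.org NOERROR
2009-04-01T00:00:02 10.0.0.5 mail.example.org NOERROR
2009-04-01T00:00:03 10.0.0.9 qkzvb.ws NXDOMAIN
2009-04-01T00:00:04 10.0.0.9 xmrpwe.info NXDOMAIN
2009-04-01T00:00:05 10.0.0.9 lkjhgf.cn NOERROR
2009-04-01T00:00:06 10.0.0.9 pzyqwa.cc NXDOMAIN
2009-04-01T00:00:07 10.0.0.9 bnmvcx.biz NXDOMAIN
2009-04-01T00:00:08 10.0.0.9 zxcvbn.ru NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")

def parse_log(text):
    """Yield (timestamp, client, qname, rcode) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, rcode = m.groups()
            yield datetime.fromisoformat(ts), client, qname.lower(), rcode

def flag_dga_clients(text, window=timedelta(seconds=60), min_distinct=5, min_nx_ratio=0.6):
    """Return {client: (distinct_names, nxdomain_ratio)} for clients that, within
    one sliding window, query many distinct names of which most do not resolve."""
    per_client = defaultdict(list)
    for ts, client, qname, rcode in parse_log(text):
        per_client[client].append((ts, qname, rcode))
    flagged = {}
    for client, events in per_client.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            span = events[start:end + 1]
            distinct = {q for _, q, _ in span}
            nx = sum(1 for _, _, r in span if r == "NXDOMAIN")
            ratio = nx / len(span)
            if len(distinct) >= min_distinct and ratio >= min_nx_ratio:
                flagged[client] = (len(distinct), round(ratio, 2))
                break  # one hit per client is enough to raise an alert
    return flagged
```

Flagged clients are candidates for the block-and-clean-up step the article describes; the thresholds need tuning against a network's normal NXDOMAIN rate before use.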
Additional help comes from a loose coalition of security vendors and others called the Conficker Working Group, which has banded together to block access to domains that Conficker is trying to communicate with. But it's not immediately clear whether those efforts, which have been successful at blocking earlier versions of the worm, will be effective against the activation of Conficker.c.
"We can't really say how successful the attempts at blocking them or not routing them are," Dirro said. "That's something we'll see when the first domain actually starts serving malware, if at least one starts doing that."
Despite the uneventful passing of the activation deadline, the threat presented by Conficker remains real.
"These guys are very sophisticated, very professional, very determined and very measured in how they implement and make changes to things," Ferguson said, adding that Conficker.c is better defended and more survivable than previous versions of the worm. "This activation on April 1 was probably just arbitrary and picked to cause hysteria."
At some point, the people behind Conficker.c could try to generate revenue from the botnet they've created or they could have other intentions.
"The big mystery is that there's this big loaded gun out there, this network of millions of machines that's under the control of persons unknown," Ferguson said. "They've given no indication of what their motives are other than toying with people."

HP Confirms Considering Android in Netbooks

Hewlett-Packard confirmed Tuesday that it is testing Google's Android operating system as a possible alternative to Windows in some of its netbook computers.
Analysts said the move would allow HP to develop a low-cost netbook optimized for wireless networks that provides access to Web-based services such as Google Docs, but others questioned whether the Google software is ready for such a task.
"Right now Android is barely finished for phones," said Avi Greengart, an analyst at Current Analysis. While it works well enough for T-Mobile's G1 smartphone, the software was released only last year and "the UI still feels half-finished," he said.
HP stressed that it was still only testing Android, an OS based on the open-source Linux kernel. It has assigned engineers to the task but has made no decision yet whether to offer Android in products, said HP spokeswoman Marlene Somsak. The news was first reported earlier Tuesday by the Wall Street Journal.
"We want to assess the capability it will have for the computing and communications industry," Somsak said. "We remain open to considering various OS options."
Netbooks are small, low-cost computers that are designed primarily for browsing the Web and doing basic computing tasks. The category has proved popular -- about 10 million netbooks shipped in 2008 and the number is expected to double this year, according to IDC.
Android was designed for mobile phones but has been seen by some others besides HP as a potential OS for netbooks. Some enthusiasts have been testing Android on netbooks such as Asustek's Eee PC, and chip makers such as Qualcomm and Freescale hope to bring Android to netbooks running on their Arm-based chips.
HP may have in mind a netbook optimized for use with Web-based services such as the Google Docs hosted applications suite and Google's online storage service, said Roger Kay, president of Endpoint Technologies Associates.
The fact that netbooks are designed to provide quick access to online services, often over wireless networks, makes them in some ways like oversized smartphones.
There are also no license fees for Android, which could allow hardware makers to offer lower-priced computers than those running Windows. However, consumers have been willing to pay extra in the past for netbooks running Windows, analysts noted.
HP already offers some PCs with a choice of Linux or Windows, and introducing another OS choice would come with some risk, said David Daoud, a research manager at IDC. Some end-users don't like Linux because they are unfamiliar with it, he said.
"We've seen a number of netbooks returned as a result of the Linux OS. Consumers are used to the Microsoft Windows world," Daoud said. Linux adoption remains weak on client computers, especially in mature markets like the U.S. and Western Europe, he noted.
Still, there may be an upside for Android if HP were to make it work in netbooks. HP's heft as the world's largest PC maker would widen Android's use, Daoud said. It could see success in emerging markets like India and China, where Linux adoption is growing.
But HP would need to deliver a consumer-friendly product that makes Linux easier to use in PCs, Daoud said.