
Conficker Still A Threat

By: Absolute Team | 2/27/2009

The Conficker worm continues to cause mass anxiety. Microsoft is offering a $250k reward for information about the cybercriminal, and the industry is banding together to try to stop the spread of the worm, which has infected 2-10 million PCs.

So far, the infected computers haven't been used for malicious activity, but analysts think it's only a matter of time before that happens. This could be the first stage of a larger attack: a single algorithm can tell Conficker-infected systems to contact domain names, and the systems can then be used to download malicious software.

"This worm would be a marvelous tool in the hands of whoever can control it, but the real harm from it has yet to be felt, and we're trying to postpone that day." - Paul Vixie, founder of Internet Systems Consortium

Security researchers are working to register as many of the domains as possible that are being sought by Conficker in an attempt to prevent them from hosting malicious software. For those registered by others, the registrant information is being investigated for any ties to the cybercriminals behind this worm. In order to handle the scale of this attack, and future attacks, the industry has had to band together to co-ordinate efforts with governments around the world. For example, for the first time ever, domain name registrars have agreed to shelve Conficker domains, preventing them from being purchased.

There's also a new Conficker B++ variant, which may be a response to the blocked ability to register many Conficker domains. We suggest doing what you can to update your systems (see the latest Microsoft Security Advisory) to prevent your PC from being at risk.

And while on the topic of malware, Roger Grimes writes that the only malware cure is to start from scratch.
You may also want to read Bruce Schneier's analysis of Conficker and how it's spreading.
