caveman_nige
31st March, 2009, 06:41 PM
Security experts are downplaying the potential impact of a virus which some believe is set to strike on 1 April.
Conficker has infected up to 15 million computers to date and is set to change the way it works on Wednesday.
There have been some reports the worm could trigger poisoned machines to access personal files, send spam, clog networks or crash sites.
"We don't know what will happen but don't expect anything dramatic," Symantec's Vincent Weafer told the BBC.
He added: "We believe the software is geared towards making money. The characteristic of this type of worm is to keep it slow and low, keep it under the radar to slowly maximise profits over the long term."
Mr Weafer, vice-president of security response at anti-virus firm Symantec, said: "We are going to be on high alert for a long time. Come 2 April we will still be watching while most people will have moved their focus elsewhere."
Origins
Conficker, also known as Downadup or Kido, first appeared last November. The worm is self-replicating and has attacked a vulnerability in machines using Microsoft's Windows operating system, the software that runs most computers.
It can infect machines via a net connection or by hiding on USB memory drives used to ferry data from one computer to another. Once in a computer, it digs deeps, setting up defences making it hard to extract.
http://newsimg.bbc.co.uk/media/images/40118000/jpg/_40118869_sassweds-bbc203.jpg Microsoft put up $250,000 to catch those behind Conficker
Among those affected by the virus have been the House of Commons and the defence forces of the UK, Germany and France.
The reason for the hype and the concern around Conficker is that 1 April is the day the worm is set to change the way it updates itself, moving to a system that is much harder to combat.
Five months ago a consortium of web security firms banded together to form the Conficker Working Group, to learn more about the worm and to try to stop it.
Last weekend the team located what they call a "fingerprint" or "signature" for the virus that means they can detect how an infected machine can be identified on a network much quicker than previously.
Security researcher Dan Kaminsky, a member of the group and director of penetration testing at IOActive, told the BBC this was a major breakthrough.
"We know these bad guys are in places they really shouldn't be. With this new trick it is much easier to find them. It means we can say, OK, I don't know what will happen but I can tell you 10,000 systems are under the control of the bad guys and here they are."
Lucrative
While no-one in the industry is 100% sure of the aim of Conficker, they are positive the people behind it are more concerned about making money than causing mayhem.
That is a view backed by PC Magazine editor-in-chief Lance Ulanoff.
"People write malware today not because they want to make a public splash. It's old school to want to make computer screens turn red and say Love Bug.
http://newsimg.bbc.co.uk/media/images/45381000/jpg/_45381654_downadup-bbc226.jpg.jpg The worm has also been able to spread via USB flash drives.
"Today crime syndicates run these things because they are interested in making money and if they are not making money there is no point in it."
A recent report by security firm Finjan claimed that cybercrime is as lucrative a business as drug trafficking.
Its Cybercrime Intelligence Report found that a single hacker could make as much as $10,800 (?7,300) a day, which the company extrapolated to $3.9m (?2.6m) a year.
Finjan's chief technology officer Yuval Ben-Itzhak said: "Cybercrime today is a very, very big business and those behind Conficker have spent a lot of money organising, writing code and securing these machines so they will be looking for a return soon.
"This type of cybercrime activity is here to stay and will grow because there is so much money involved and its hard to get caught."
"Arms race"
In February Microsoft put up a bounty of $250,000 to anyone who could help identify those behind Conficker. It also issued patches to address the vulnerability.
Industry experts say consumers and companies should regularly update their security software and apply Windows updates as well as protect computers and files with strong passwords.
http://newsimg.bbc.co.uk/media/images/45397000/jpg/_45397776_000162863-1.jpg Conficker is an aggressive worm that has crawled into millions of machines
Symantec has issued a free trial version of its products that will detect and remove the worm.
VeriSign, one of the guardians of the networked world, believes these bugs exist because the general level of security is just not high enough.
"This is a testament to making consumer products useable and user friendly, which means security has to be relaxed a little," said VeriSign's chief technology officer Ken Silva.
"If all the security measures were deployed that should be deployed, they would become too annoying and too difficult for most consumers."
Many in the industry describe Conficker as one of the worst worms they have seen for years and certainly one of the more aggressive.
"This is an arms race," said Mr Kaminsky. "We have to find these guys. We have done it in the past. I can do what I can as a geek but there is as much need for law enforcement and state action as there is for technical creativity.
"But people should feel good because the good guys are working to stop these bad guys."
Source: BBC NEWS | Technology | Security experts eye worm attack (http://news.bbc.co.uk/1/hi/technology/7973131.stm)
Conficker has infected up to 15 million computers to date and is set to change the way it works on Wednesday.
There have been some reports the worm could trigger poisoned machines to access personal files, send spam, clog networks or crash sites.
"We don't know what will happen but don't expect anything dramatic," Symantec's Vincent Weafer told the BBC.
He added: "We believe the software is geared towards making money. The characteristic of this type of worm is to keep it slow and low, keep it under the radar to slowly maximise profits over the long term."
Mr Weafer, vice-president of security response at anti-virus firm Symantec, said: "We are going to be on high alert for a long time. Come 2 April we will still be watching while most people will have moved their focus elsewhere."
Origins
Conficker, also known as Downadup or Kido, first appeared last November. The worm is self-replicating and has attacked a vulnerability in machines using Microsoft's Windows operating system, the software that runs most computers.
It can infect machines via a net connection or by hiding on USB memory drives used to ferry data from one computer to another. Once in a computer, it digs deeps, setting up defences making it hard to extract.
http://newsimg.bbc.co.uk/media/images/40118000/jpg/_40118869_sassweds-bbc203.jpg Microsoft put up $250,000 to catch those behind Conficker
Among those affected by the virus have been the House of Commons and the defence forces of the UK, Germany and France.
The reason for the hype and the concern around Conficker is that 1 April is the day the worm is set to change the way it updates itself, moving to a system that is much harder to combat.
Five months ago a consortium of web security firms banded together to form the Conficker Working Group, to learn more about the worm and to try to stop it.
Last weekend the team located what they call a "fingerprint" or "signature" for the virus that means they can detect how an infected machine can be identified on a network much quicker than previously.
Security researcher Dan Kaminsky, a member of the group and director of penetration testing at IOActive, told the BBC this was a major breakthrough.
"We know these bad guys are in places they really shouldn't be. With this new trick it is much easier to find them. It means we can say, OK, I don't know what will happen but I can tell you 10,000 systems are under the control of the bad guys and here they are."
Lucrative
While no-one in the industry is 100% sure of the aim of Conficker, they are positive the people behind it are more concerned about making money than causing mayhem.
That is a view backed by PC Magazine editor-in-chief Lance Ulanoff.
"People write malware today not because they want to make a public splash. It's old school to want to make computer screens turn red and say Love Bug.
http://newsimg.bbc.co.uk/media/images/45381000/jpg/_45381654_downadup-bbc226.jpg.jpg The worm has also been able to spread via USB flash drives.
"Today crime syndicates run these things because they are interested in making money and if they are not making money there is no point in it."
A recent report by security firm Finjan claimed that cybercrime is as lucrative a business as drug trafficking.
Its Cybercrime Intelligence Report found that a single hacker could make as much as $10,800 (?7,300) a day, which the company extrapolated to $3.9m (?2.6m) a year.
Finjan's chief technology officer Yuval Ben-Itzhak said: "Cybercrime today is a very, very big business and those behind Conficker have spent a lot of money organising, writing code and securing these machines so they will be looking for a return soon.
"This type of cybercrime activity is here to stay and will grow because there is so much money involved and its hard to get caught."
"Arms race"
In February Microsoft put up a bounty of $250,000 to anyone who could help identify those behind Conficker. It also issued patches to address the vulnerability.
Industry experts say consumers and companies should regularly update their security software and apply Windows updates as well as protect computers and files with strong passwords.
http://newsimg.bbc.co.uk/media/images/45397000/jpg/_45397776_000162863-1.jpg Conficker is an aggressive worm that has crawled into millions of machines
Symantec has issued a free trial version of its products that will detect and remove the worm.
VeriSign, one of the guardians of the networked world, believes these bugs exist because the general level of security is just not high enough.
"This is a testament to making consumer products useable and user friendly, which means security has to be relaxed a little," said VeriSign's chief technology officer Ken Silva.
"If all the security measures were deployed that should be deployed, they would become too annoying and too difficult for most consumers."
Many in the industry describe Conficker as one of the worst worms they have seen for years and certainly one of the more aggressive.
"This is an arms race," said Mr Kaminsky. "We have to find these guys. We have done it in the past. I can do what I can as a geek but there is as much need for law enforcement and state action as there is for technical creativity.
"But people should feel good because the good guys are working to stop these bad guys."
Source: BBC NEWS | Technology | Security experts eye worm attack (http://news.bbc.co.uk/1/hi/technology/7973131.stm)