Headless Conficker worm lives in computers

Jan 26, 2011 by Glenn Chapman
A unified effort has lopped the head off a treacherous Conficker computer worm but the malicious computer code lives on in infected machines.

A unified effort has lopped the head off a treacherous Conficker computer worm but the malicious computer code lives on in infected machines.

A Conficker Working Group report available online on Tuesday said the alliance has prevented the people who released the worm from using it to command computers as an army of machines referred to as a "."

"Nearly every person interviewed for this report said this aspect of the effort has been successful," the group said in a summary of its findings.

The group considered is biggest failure as "the inability to remediate infected computers and eliminate the threat of the botnet."

Despite efforts to eradicate Conficker, variations of the worm remain on more than five million computers, according to the report.

Conficker was first noticed "in the wild" in November of 2008 and spread quickly to computers around the world.

The worm, a self-replicating program, took advantage of networks or computers that weren't up to date with security patches for Windows operating software.

It was able to infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another.

"Conficker is among the largest botnets in the past five years," the report said. "It combined a number of the best tricks and traps within malware."

Conficker was designed to let cybercriminals take control of computers, perhaps to steal valuable data or use machines to fire off spam or launch attacks on websites or other online targets.

A task force assembled by Microsoft has been working to stamp out Conficker, also referred to as DownAdUp, and the software colossus placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

The author of Conficker has not been caught, but hints in the code have led some researchers to suspect the culprit lived in Eastern Europe.

The Conficker Working Group has been touted as a powerful example of the importance of having traditionally rival and software firms unite to battle hackers.

The group said it thwarted the hackers behind Conficker by working with the Internet Corporation for Assigned Names and Numbers (ICANN) to cut the worm off from "command and control" online domains where it could download orders.

"Some suggested that the author may never have intended to utilize Conficker and the entire botnet was a feint or a 'head-fake,' " the report said.

"It is likely that the Conficker Working Group effort to counter the spread did make it more difficult for the author to act with impunity, but the author did not seem to have tried his or her hardest."

The attention focused on Conficker might have spooked the cyber criminals, or they may have been waiting for someone to pay to use the botnet in a nefarious take on offering services in the Internet "cloud," the report said.

"In many ways, did serve as a test run for the cybersecurity community to learn where their strengths and weaknesses were," the report concluded.

The Working Group was hailed as "evidence that differences can be overcome to cooperate against a threat."

The list of group members included Microsoft, Facebook, AOL, Cisco, IBM, VeriSign, ICANN, and a host of computer security firms.

Explore further: A Closer Look: Your (online) life after death

add to favorites email to friend print save as pdf

Related Stories

Huge computer worm Conficker stirring to life

Apr 09, 2009

(AP) -- The dreaded Conficker computer worm is stirring. Security experts say the worm's authors appear to be trying to build a big moneymaker, but not a cyber weapon of mass destruction as many people feared.

Conficker worm digs in around the world

Apr 01, 2009

Computer security top guns around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of an April 1st trigger date.

Conficker Worm Prepares For A New Release On April 1

Mar 27, 2009

(PhysOrg.com) -- The conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the conficker worm allowed for this large scale attack to over ...

Conficker worm dabbling with mischief

Apr 28, 2009

The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."

Recommended for you

A Closer Look: Your (online) life after death

13 hours ago

Sure, you have a lot to do today—laundry, bills, dinner—but it's never too early to start planning for your digital afterlife, the fate of your numerous online accounts once you shed this mortal coil.

Web filter lifts block on gay sites

13 hours ago

A popular online safe-search filter is ending its practice of blocking links to mainstream gay and lesbian advocacy groups for users hoping to avoid obscene sites.

Protecting infrastructure with smarter CPS

20 hours ago

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

Apple helps iTunes users delete free U2 album

Sep 15, 2014

Apple on Monday began helping people boot U2 off their iTunes accounts after a cacophony of complaints about not wanting the automatically downloaded free album by the Irish rock band.

Habitual Facebook users: Suckers for social media scams?

Sep 15, 2014

A new study finds that habitual use of Facebook makes individuals susceptible to social media phishing attacks by criminals, likely because they automatically respond to requests without considering how they are connected ...

User comments : 0