Conficker worm dabbling with mischief

Apr 28, 2009 by Glenn Chapman
A man downloads a patch from Microsoft's web site to protect his computer from a worm virus. The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."

The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."

An April update sent to a tiny percentage of infected computers had the machines retrieve components of notorious Storm and Waledac worms unleashed in past years to create armies of "botnets" -- automated crime networks -- for spreading spam or scareware.

"It looks like these guys are perhaps testing the waters to see which one of those would be a better money-maker for them," Trend Micro advanced threats researcher Paul Ferguson said Monday of Conficker's masters.

"We have always suspected that the people behind this would not sit idly by without trying to make money off this somehow. Spamming and rogue anti-virus are pretty lucrative for these guys."

Ties to components of Storm and Waledac signal that Conficker's creators were likely involved with the other , according to security specialists.

"This connects the dots that the same people behind Conficker are the people behind Waledac and Storm," Ferguson said, noting that evidence is pointing to an organized enterprise in the Ukraine.

"These are well-funded organized in Eastern Europe. They want to steal people's money out of their pockets without being noticed. This same criminal operation is very business savvy."

Hackers are increasingly hiding viruses in bogus to trick people into installing treacherous programs on machines, Microsoft warned earlier this month.

Rogue security software referred to as "scareware" pretends to check computers for viruses, and then claims to find dangerous infections that the program will fix for a fee.

"The rogue software lures them into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information," Microsoft said.

Hackers have been capitalizing on hype and fear surrounding Conficker to trick people into loading scareware onto computers.

A task force assembled by Microsoft has been working to stamp out Conficker, also referred to as DownAdUp, and the software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another.

Conficker could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.

Ferguson believes Conficker's creators are out for cash, not wanton destruction, but that the worm's spread is a sobering reminder that botnets could be turned against Internet-linked parts of national infrastructures.

"How do you rationalize connecting critical networks to the Internet when those kinds of attacks are possible?" Ferguson asked rhetorically.

"We used to joke that the only guarantee for 100 percent security is a pair of wire cutters."

(c) 2009 AFP

Explore further: Japan court orders Facebook to reveal revenge porn IP addresses

add to favorites email to friend print save as pdf

Related Stories

Conficker worm digs in around the world

Apr 01, 2009

Computer security top guns around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of an April 1st trigger date.

Huge computer worm Conficker stirring to life

Apr 09, 2009

(AP) -- The dreaded Conficker computer worm is stirring. Security experts say the worm's authors appear to be trying to build a big moneymaker, but not a cyber weapon of mass destruction as many people feared.

Conficker Worm Prepares For A New Release On April 1

Mar 27, 2009

(PhysOrg.com) -- The conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the conficker worm allowed for this large scale attack to over ...

Recommended for you

Kickstarter suspends privacy router campaign

Oct 20, 2014

Kickstarter has suspended an anonymizing router from its crowdfunding site. By Sunday, the page for "anonabox: A Tor hardware router" carried an extra word "(Suspended)" in parentheses with a banner below ...

User comments : 8

Adjust slider to filter visible comments by rank

Display comments: newest first

gopher65
5 / 5 (1) Apr 28, 2009
I'm surprised that none of the big corporations who are being hit hard by this kind of thing have decided to take matters into their own hands by hiring a few mercenary groups to track these idiots down and... aaahh... unplug their internet connections... permanently. They are funded by mob groups after all. Who would miss them?

Could be fun to watch, from a safe distance of course:P.
frajo
2.3 / 5 (3) Apr 28, 2009
"The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows."

Well, I certainly have not kept up to date with security patches for Windows and I'll never do.
As well, I'm not in need neither of bogus computer security software nor of regular computer security software.
It depends which operating system you choose. And the choice is yours.
LuckyBrandon
3 / 5 (4) Apr 28, 2009
ANY operating system is subject to viral infections. It simply depends on what OS the virus is targeting is all.
lengould100
not rated yet Apr 28, 2009
Agreed with LuckyBrandon: If there existed 250 million machines running Ubuntu or Apple on the net, then the hackers would be just a far along in getting into them as into Windows.

Concerned about "companies cutting the wire". I wouldn't like that at all. Stupid kids.
frajo
2.3 / 5 (3) Apr 28, 2009
ANY operating system is subject to viral infections.


That's the theory.
In RealLife reality counts more than theory. Theoretical malign software doesn't bother my OS. Real malign software doesn't exist for my OS.
Call it pragmatism.
LuckyBrandon
1 / 5 (1) Apr 28, 2009
Yo uwant a code string to run to show ya? :D
frajo
1 / 5 (1) Apr 28, 2009
Yo uwant a code string to run to show ya? :D


I'd love to - it would make me famous in my community.
CWFlink
not rated yet May 03, 2009
Reality: run popular OS and two things happen...

1) everyone will target the OS you run (why waste time on only a small fraction of potential targets?);

2) the company that sells your OS will have a stake in protecting you (who gets the bad publicity?)



If you family runs multiple Windows PCs, look seriously at Microsoft's OneCare (onecare.com). I find it excellent on both XP and Vista platforms. It is cheap protection if you run multiple PCs on broadband Internet (less than $17 per PC per year.)