Thread: Internet worm set to change tactics April 1

  1. #1
    Join Date
    Aug 2007
    Location
    Westminster, CO
    Adopted Bronco:
    Phillip, Demaryius, Derek, Shane, Von,
    Posts
    47,828

    Internet worm set to change tactics April 1

    http://www.msnbc.msn.com/id/29956746/

    SAN FRANCISCO - The fast-moving Conficker computer worm, a scourge of the Internet that has infected at least 3 million PCs, is set to spring to life in a new way on Wednesday — April Fools' Day.

    That's when many of the poisoned machines will get more aggressive about "phoning home" to the worm's creators over the Internet. When that happens, the bad guys behind the worm will be able to trigger the program to send spam, spread more infections, clog networks with traffic, or try and bring down Web sites.

    Technically, this could cause havoc, from massive network outages to the creation of a cyberweapon of mass destruction that attacks government computers. But researchers who have been tracking Conficker say the date will probably come and go quietly.

    More likely, these researchers say, the programming change that goes into effect April 1 is partly symbolic — an April Fools' Day tweaking of Conficker's pursuers, who for now have been able to prevent the worm from doing significant damage.

    "I don't think there will be a cataclysmic network event," said Richard Wang, manager of the U.S. research division of security firm Sophos PLC. "It doesn't make sense for the guys behind Conficker to cause a major network problem, because if they're breaking parts of the Internet they can't make any money."

    Just to be safe, Johannes B. Ullrich, chief research officer for the SANS Institute, a security research organization, said home computer users “should make sure they regularly patch their systems,” and specifically “enable automatic downloads of Microsoft’s monthly patches.”

    The organization keeps a list of “vetted cleanup tools” at http://isc.sans.org/conficker.

    Ullrich also said PC users should turn on the firewall function in Microsoft Windows, although it “should be enabled automatically with Windows XP SP2 or later” editions of Windows. (Msnbc.com is a joint venture of Microsoft and NBC Universal.)

    He also cautioned users to “not download and install any files or video viewers that are advertised via e-mail. A lot of malware is installed willingly by users because the malware claims to be some kind of new video viewer.”

    “Keep good backups of critical files,” he added. “If you are infected, the best solution is to rebuild the system from scratch. This can be a lot harder if you do not have good backups.”

    Previous Internet threats were designed to cause haphazard destruction. In 2003 a worm known as Slammer saturated the Internet's data pipelines with so much traffic it crippled corporate and government systems, including ATM networks and 911 centers.

    Far more often now, Internet threats are designed to ring up profits. Control of infected PCs is valuable on the black market, since the machines can be rented out, from one group of bad guys to another, and act as a kind of illicit supercomputer, sending spam, scanning Web sites for security holes, or participating in network attacks.

    The army of Conficker-infected machines, known as a "botnet," could be one of the greatest cybercrime tools ever assembled. Conficker's authors just need to figure out a way to reliably communicate with it.

    Infected PCs need commands to come alive. They get those commands by connecting to Web sites controlled by the bad guys. Even legitimate sites can be co-opted for this purpose, if hackers break in and use the sites' servers to send out malicious commands.

    So far, Conficker-infected machines have been trying to connect each day to 250 Internet domains — the spots on the Internet where Web sites are parked. The bad guys need to get just one of those sites under their control to send their commands to the botnet. (The name Conficker comes from rearranging letters in the name of one of the original sites the worm was connecting to.)

    Conficker has been a victim of its success, however, because its rapid spread across the Internet drew the notice of computer security companies. They have been able to work with domain name registrars, which administer Web site addresses, to block the botnet from dialing in.

    Now those efforts will get much harder. On April 1, many Conficker-infected machines will generate a list of 50,000 new domains a day that they could try. Of that group, the botnet will randomly select 500 for the machines to actually query.

    The bad guys still need to get only one of those up and running to connect to their botnet. And the bigger list of possibilities increases the odds they'll slip something by the security community.

    Researchers already know which domains the infected machines will check, but pre-emptively registering them all, or persuading the registrars to neutralize all of them, is a bigger hurdle.

    "We expect something will happen, but we don't quite know what it will look like," said Jose Nazario, manager of security research for Arbor Networks, a member of the "Conficker Cabal," an alliance trying to hunt down the worm's authors.

    "With every move that they make, there's the potential to identify who they are, where they're located and what we can do about them," he added. "The real challenge right now is doing all that work around the world. That's not a technical challenge, but it is a logistical challenge."

    Conficker's authors also have updated the worm so infected machines have new ways to talk to each other. They can share malicious commands rather than having to contact a hacked Web site for instructions.

    That variation is important because it shows that even as security researchers have neutralized much of what the botnet might do, the worm's authors "didn't lose control of their botnet," said Michael La Pilla, manager of the malicious code operations team at VeriSign Inc.'s iDefense division.

    The Conficker outbreak illustrates the importance of keeping current with Internet security updates. Conficker moves from PC to PC by exploiting a vulnerability in Windows that Microsoft Corp. fixed in October. But many people haven't applied the patch or are running pirated copies of Windows that don't get the updates.

    Unlike other Internet threats that trick people into downloading a malicious program, Conficker is so good at spreading because it finds vulnerable PCs on its own and doesn't need human involvement to infect a machine.

    Once inside, it does nasty things. The worm tries to crack administrators' passwords, disables security software, blocks access to antivirus vendors' Web sites to prevent updating, and opens the machines to further infections by Conficker's authors.

    Someone whose machine is infected might have to reinstall the operating system.

    Thanks to MasterShake for my great signature
    Rest in Peace - Demaryius (88) - Darrent (27) - Damien (29) - Kenny (11)
    #7 - JOHN - #44 - FLOYD - #80 - ROD
    THIS ONES FOR JOHN
    WOULD YOU RATHER WIN UGLY, OR LOSE PRETTY?

  2. The Following 4 Users High Fived Denver Native (Carol) For This Post:
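
Added example, not part of the original post or the quoted article: a calculation using the article's figures (250 domains before April 1; 50,000 generated and 500 queried per machine afterwards) that shows what the change means for the domain-blocking effort. It assumes each machine picks its 500 uniformly at random and makes a fresh, independent pick every day, which the article does not state; the function names are made up for this example.

```python
from math import comb

POOL = 50_000   # domains generated per day after April 1 (article's figure)
SAMPLE = 500    # domains each infected machine actually queries (article's figure)

def reach_per_day(live, pool=POOL, sample=SAMPLE):
    """Chance that one infected machine queries at least one of `live`
    unblocked command domains today (hypergeometric: 1 - P(no hit))."""
    if not 0 <= live <= pool:
        raise ValueError("live must be between 0 and pool")
    # comb() returns 0 when fewer than `sample` blocked domains remain,
    # so the result is exactly 1 in that case.
    return 1 - comb(pool - live, sample) / comb(pool, sample)

def reach_over_days(live, days, **kw):
    """Same chance accumulated over `days`, assuming an independent draw
    each day (assumption of this example)."""
    return 1 - (1 - reach_per_day(live, **kw)) ** days

def misses_tolerated(max_reach, **kw):
    """Largest number of domains the blocking effort can miss while the
    per-day reach of a single machine stays below `max_reach`."""
    live = 0
    while reach_per_day(live + 1, **kw) < max_reach:
        live += 1
    return live

if __name__ == "__main__":
    # Old scheme: every machine tries all 250 domains, so one miss reaches all.
    old = reach_per_day(1, pool=250, sample=250)
    print(f"old scheme, 1 of 250 missed: {old:.0%} per day")
    for missed in (1, 10, 100, 500):
        print(f"new scheme, {missed:>3} of 50,000 missed: "
              f"{reach_per_day(missed):.1%} per day, "
              f"{reach_over_days(missed, 30):.1%} within 30 days")
    print("misses tolerated for <10% daily reach:", misses_tolerated(0.10))
```

Under the old scheme a single unblocked domain is seen by every infected machine; under the new one a single miss is seen by about 1% of machines per day, but the blocking effort has to cover 50,000 names daily and a hundred misses already reach roughly 63% of machines.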


  3. #2
    Join Date
    Aug 2007
    Location
    Madison, WI
    Adopted Bronco:
    Ron Dayne
    Posts
    20,574

    Has the internet ended yet?

  4. The Following User High Fived sneakers For This Post:


  5. #3
    Join Date
    Nov 2008
    Location
    Panama
    Adopted Bronco:
    The Albino Rhino
    Posts
    9,816

    I haven't noticed a problem...yet.
    I miss the old Mile High Stadium.

  6. The Following User High Fived OrangeHoof For This Post:


  7. #4
    Join Date
    Aug 2007
    Location
    Laying around
    Adopted Bronco:
    All of 'em
    Posts
    7,632

    It's an April Fools' joke.

    No, I don't really know that for sure.
    Merry.

  8. #5
    Join Date
    Feb 2008
    Location
    Minnesota
    Adopted Bronco:
    Von Ware-Wolfe
    Posts
    6,331

    Good thing it doesn't affect my Windows 98 computer.
    In Elway We Trust

  9. #6
    Join Date
    Jan 2008
    Location
    Madison, WI
    Adopted Bronco:
    PTBNL
    Posts
    22,698

    I didn't really research this until after I watched the 20/20 clip that has made this virus a big thing.

    This isn't the first virus that has done this, and it certainly won't be the last.

    The important parts of this article are that you should have some sort of firewall protection (Windows Firewall is just fine), an anti-virus program running that gets updated on a regular basis, and do not ever, ever, ever download or install any ActiveX plugin, program, or file in an e-mail from someone you don't trust or are not expecting.

    For instance, if you got an e-mail from me containing a PowerPoint file, and you weren't expecting one from me, don't open it.

    The 20/20 clip was a joke. It was more of a 15-minute commercial for Symantec antivirus that vilified Google. If you don't have any antivirus, or don't want to pay for Symantec, there are plenty of free and good antiviruses available.
    I got mind control while I'm here
    You goin' hate me when I'm gone
    Ain't no blood clot and no fear
    I got hope inside of my bones

  10. #7

    Quote Originally Posted by sneakers View Post
    Has the internet ended yet?
    Just ask Al Gore who invented it

  11. #8
    Join Date
    Jan 2008
    Location
    Madison, WI
    Adopted Bronco:
    PTBNL
    Posts
    22,698

    Quote Originally Posted by Medford Bronco View Post
    Just ask Al Gore who invented it
    That is why we call it the Intarwebs.
    I got mind control while I'm here
    You goin' hate me when I'm gone
    Ain't no blood clot and no fear
    I got hope inside of my bones

  12. The Following User High Fived Thnikkaman For This Post:


  13. #9
    Join Date
    Feb 2008
    Location
    Minnesota
    Adopted Bronco:
    Von Ware-Wolfe
    Posts
    6,331

    Get AVG
    In Elway We Trust
