Friday, April 24, 2009

Conficker-Infected Computers Send Spam, Fake Anti-Malware

"Conficker virus begins to attack PCs - experts"
Reuters (April 24, 2009)

"*Virus is slowly being activated

"*Small number of PCs turned into spam servers

"*Others loaded with fake spyware that infects PCs...

"...A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said.

"Conficker, also known as Downadup or Kido, is quietly turning an unknown number of personal computers into servers of e-mail spam, they added...."

"...Conficker installs a second virus, known as Waledac, that sends out e-mail spam without knowledge of the PC's owner, along with a fake anti-spyware program...."

The good news is that quite a few people heard about Conficker and either shielded their computers from it, or de-wormed their machines.

The bad news: Conficker is still in an unknown number of computers, and is starting to do unpleasant - and illegal - things.

"Conficker infected critical hospital equipment, expert says"
CNET News (April 23, 2009)

"SAN FRANCISCO--The Conficker worm infected several hundred machines and critical medical equipment in an undisclosed number of U.S. hospitals recently, a security expert said on Thursday in a panel at the RSA security conference.

" 'It was not widespread, but it raises the awareness of what we would do if there were millions' of computers infected at hospitals or in critical infrastructure locations, Marcus Sachs told CNET News after the session. Sachs is the director of the SANS Internet Storm Center and a former White House cybersecurity official.

"It is unclear how the devices, which control things like heart monitors and MRI machines, and the PCs got infected, he said. The computers are older machines running Windows NT and Windows 2000 in a local area network that was not supposed to have access to the Internet, however, the network was connected to one that has direct Internet access and so they were infected, he said...."

Several hundred computers doesn't sound like much of a problem: except that this article concentrates on computers that are used in American hospitals.

The machines were assumed to be infection-proof.

They got infected anyway.

Something like this was publicized in the U.K. in January, that article says.

"Conficker holds lessons for security firms"
Security Focus (April 24, 2009)

"SAN FRANCISCO — With the Conficker worm still squirming worldwide, operating system vendors and security firms should search for lessons in the success of the malicious program, especially its ability to attack the update mechanisms used by Windows and security software while at the same time surviving removal efforts, said two researchers at the RSA Security Conference...."

"...Earlier this month, the Conficker worm completed its latest update, and infected PCs began downloading new commands to modify how the program functions. The latest modifications to the program — also referred to as Downad, Downadup and Kido by different security companies — reactivated the worm's ability to spread using a flaw in Microsoft Windows and redirected most communications through the program's peer-to-peer network...."

I'm not afraid that this is the end of civilization as we know it: but I do think that malware like Conficker is a serious problem.

It looks like people who are professionally involved in dealing with malware take Conficker and its ilk seriously, while at least some columnists think it may be some sort of Microsoft conspiracy.

I'm inclined to think that malware is real, and is a problem. I recently spent about a week, de-worming my computer. I could have used that time for better, more profitable activity: and this is a pattern which apparently is quite familiar to people who depend of information technology for their work.

It's not just a matter of money. The article about hospitals with infected machines is troubling. It would be nice if Conficker doesn't cause a glitch which leads to some patient dying. But, I get the impression that people who create and distribute things like Conficker aren't very nice.

I hope that nobody dies as a result of the Conficker worm's activities. And, I hope that eventually a means will be found to shut down the people who make these things.

That's going to take time: It's a global issue, and I'm not at all convinced that national leaders understand that computers
  • Exist
  • Are actually used for important things
    • Like maintaining electrical systems that power Congressional coffee machines
  • Don't work very well when malware gets inside
As I've written before, I think serious attention won't be paid to information technology issues until people who grew up with it are in leadership positions: and that will take decades.

Related posts:

2 comments:

Brigid said...

Oy ve. Is that still around? That's bad.

Speaking of bad, you might want to fix the typo in this quote: "and wither shielded their computers from it, or de-wormed their machines."

Brian H. Gill said...

Brigid,

Oops. Fixed that. Thanks.

I'm not surprised that Conficker is still around: and, although I'm not in a tizzy over it, I think this is a serious problem. Maybe very serious.

The infected medical computers point out very real issues in IT security.

I think, although anti-malware software and procedures are important, the long-term solution is to make the benefit-risk ratio for creating and releasing malware daunting enough to discourage hackers.

And for that to happen, there will have to be global cooperation - and a refusal to take rank and position into account: "Ex-Sen. Bill Bradley Sits on Board of Major Spamming Firm.

Unique, innovative candles

Visit us online:
Spiral Light CandleFind a Retailer
Spiral Light Candle online store

Pinterest: From the Man Behind the Lemming

Top 10 Most-Viewed Posts

Today's News! Some of it, anyway

Actually, some of yesterday's news may be here. Or maybe last week's.
The software and science stuff might still be interesting, though. Or not.
The Lemming thinks it's interesting: Your experience may vary.
("Following" list moved here, after Blogger changed formats)

Who Follows the Lemming?

WebSTAT

Family Blogs - Blog Catalog Blog Directory