Reuters (April 24, 2009)
- "Virus is slowly being activated"
- "Small number of PCs turned into spam servers"
- "Others loaded with fake spyware that infects PCs..."
"...A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said.
"Conficker, also known as Downadup or Kido, is quietly turning an unknown number of personal computers into servers of e-mail spam, they added...."
"...Conficker installs a second virus, known as Waledac, that sends out e-mail spam without knowledge of the PC's owner, along with a fake anti-spyware program...."
The good news is that quite a few people heard about Conficker and either shielded their computers from it, or de-wormed their machines.
The bad news: Conficker is still in an unknown number of computers, and is starting to do unpleasant - and illegal - things.
"Conficker infected critical hospital equipment, expert says"
CNET News (April 23, 2009)
"SAN FRANCISCO--The Conficker worm infected several hundred machines and critical medical equipment in an undisclosed number of U.S. hospitals recently, a security expert said on Thursday in a panel at the RSA security conference.
" 'It was not widespread, but it raises the awareness of what we would do if there were millions' of computers infected at hospitals or in critical infrastructure locations, Marcus Sachs told CNET News after the session. Sachs is the director of the SANS Internet Storm Center and a former White House cybersecurity official.
"It is unclear how the devices, which control things like heart monitors and MRI machines, and the PCs got infected, he said. The computers are older machines running Windows NT and Windows 2000 in a local area network that was not supposed to have access to the Internet, however, the network was connected to one that has direct Internet access and so they were infected, he said...."
Several hundred computers doesn't sound like much of a problem: except that this article concentrates on computers that are used in American hospitals.
The machines were assumed to be infection-proof.
They got infected anyway.
Something like this was publicized in the U.K. in January, that article says.
"Conficker holds lessons for security firms"
Security Focus (April 24, 2009)
"SAN FRANCISCO — With the Conficker worm still squirming worldwide, operating system vendors and security firms should search for lessons in the success of the malicious program, especially its ability to attack the update mechanisms used by Windows and security software while at the same time surviving removal efforts, said two researchers at the RSA Security Conference...."
"...Earlier this month, the Conficker worm completed its latest update, and infected PCs began downloading new commands to modify how the program functions. The latest modifications to the program — also referred to as Downad, Downadup and Kido by different security companies — reactivated the worm's ability to spread using a flaw in Microsoft Windows and redirected most communications through the program's peer-to-peer network...."
I'm not afraid that this is the end of civilization as we know it: but I do think that malware like Conficker is a serious problem.
It looks like people who are professionally involved in dealing with malware take Conficker and its ilk seriously, while at least some columnists think it may be some sort of Microsoft conspiracy.
I'm inclined to think that malware is real, and is a problem. I recently spent about a week de-worming my computer. I could have used that time for better, more profitable activity: and this is a pattern which apparently is quite familiar to people who depend on information technology for their work.
It's not just a matter of money. The article about hospitals with infected machines is troubling. It would be nice if Conficker doesn't cause a glitch which leads to some patient dying. But, I get the impression that people who create and distribute things like Conficker aren't very nice.
I hope that nobody dies as a result of the Conficker worm's activities. And, I hope that eventually a means will be found to shut down the people who make these things.
That's going to take time: It's a global issue, and I'm not at all convinced that national leaders understand that computers
- Are actually used for important things
- Like maintaining electrical systems that power Congressional coffee machines
- Don't work very well when malware gets inside

- "Lemming Tracks: A Perfect Storm of Malware and Easter Weekend" (April 10, 2009)
- "Conficker Alive and Well: and Quietly Active - or a Vast Conspiracy?" (April 10, 2009)
- "Conficker worm: This Should be Interesting, One Way or Another" (April 1, 2009)
- "Downadup, Conficker Internet Worm, or Kido: Bad News" (March 30, 2009)
- "Downadup, Conficker or Kido: Whatever You Call it, it's Bad News" (January 25, 2009)