Hackers Mistimed Conficker, But Threat Lingers
It wasn’t meant to be an April Fools’ Day gag, but the Conficker worm had a lot of computer users hoping they wouldn’t be the fool with an infected machine that malware authors could turn into a spam bot.
April 1 has gone and Conficker didn’t cause a network meltdown. Security analysts are speculating on what will happen next, although none are certain. They are staying vigilant, as memories of the Melissa virus linger.
The Conficker worm, also know as Downadup, raced across the Internet in January with tricks to spread undetected. Millions of computers were infected in just a four-day period. There are several variants running wild and the latest, Conficker.C, has been activated but so far there is no new rash of infections.
The worm first appeared in late November, exploiting a vulnerability in Microsoft Windows to spread unhindered on local area networks. Its goal so far has been to install rogue software on infected computers. Microsoft issued a patch for the vulnerability, but users who haven’t installed it are open to infection as the worm spreads through portable USB flash drives.
Mistiming for Conficker
Despite the lack of any Conficker-induced apocalypse, users still need to be diligent, according to Andrew Storms, director of security operations for nCircle. Conficker numbers may be down, he said, but it’s still a significant threat. Even a few million infected systems could disrupt many e-commerce sites or send massive amounts of spam.
“Aside from the technology Conficker uses, the most interesting thing about it is that it hasn’t done anything. It has not been used to send mass spam or launch a DDoS (distributed denial of service) attack on Web sites. Conficker, for the most part, is sitting idle,” Storms said.
Although some observers are blaming the media for creating what may be remembered as Conficker hysteria,…
Related posts: