The mysterious case of the inactive botnet
If you controlled somewhere around 12 million PCs, what would you do with all that power?
That is a question that not many people get the chance to answer for real, but there is at least one hacker out there who does. The unknown developer(s) of Conficker have, by last estimate, infected more than 12 million Windows systems since the worm first arrived in November 2008.
No systems seem to be out of reach, with public reports of hospitals and militaries around the world falling victim to infection by the worm. It is strange that the botnet being created by the worm is effectively sitting still, doing little other than continuing to try to spread the worm. Despite this, the disruption that the worm has already caused and its rapid spread have seen Microsoft announce a $250,000 USD bounty for the original developer(s) of Conficker.
In addition, Microsoft has established two areas on its main website to help enterprise and home users be informed about the worm and manage it. For enterprise users, the page at http://www.microsoft.com/conficker is the main source, and this link has been set up for consumers.
One significant step towards tracking down the creator has been the reverse engineering of the algorithm used to generate the seemingly random domain names that an infected system attempts to connect to every three hours. With this information public, it is likely that subsequent versions of the worm will employ different domain generation algorithms.
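The three-hour lookup cycle described above is itself something defenders can hunt for in resolver logs. The following is an added example, not code from the article or from Microsoft: it flags clients whose bursts of failed lookups recur about every three hours. The log format, the use of NXDOMAIN responses as the signal, and the thresholds are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed resolver log (not real traffic): time, client, queried name, response code.
SAMPLE_LOG = """\
2009-02-17T00:00:05 10.0.0.5 qzkvtw.example NXDOMAIN
2009-02-17T00:00:06 10.0.0.5 hbnxrl.example NXDOMAIN
2009-02-17T00:00:08 10.0.0.5 wpdgyc.example NXDOMAIN
2009-02-17T01:12:00 10.0.0.9 www.example NOERROR
2009-02-17T03:00:04 10.0.0.5 tjmqsa.example NXDOMAIN
2009-02-17T03:00:07 10.0.0.5 lfuzke.example NXDOMAIN
2009-02-17T03:00:09 10.0.0.5 ybcrnd.example NXDOMAIN
2009-02-17T04:30:00 10.0.0.7 oldhost.example NXDOMAIN
2009-02-17T04:30:01 10.0.0.7 oldhost2.example NXDOMAIN
2009-02-17T04:30:02 10.0.0.7 oldhost3.example NXDOMAIN
2009-02-17T06:00:03 10.0.0.5 vgxhpo.example NXDOMAIN
2009-02-17T06:00:05 10.0.0.5 mkeswi.example NXDOMAIN
2009-02-17T06:00:06 10.0.0.5 drqjtu.example NXDOMAIN
"""

def find_bursts(log, window=timedelta(minutes=5), min_names=3):
    """Map each client to the start times of its bursts of distinct failed lookups."""
    failed = defaultdict(list)
    for line in log.splitlines():
        ts, client, name, rcode = line.split()
        if rcode == "NXDOMAIN":  # assumption: generated names mostly do not resolve
            failed[client].append((datetime.fromisoformat(ts), name))
    bursts = defaultdict(list)
    for client, events in failed.items():
        events.sort()
        i = 0
        while i < len(events):
            # Group every failure within `window` of the first one in the group.
            group = [e for e in events[i:] if e[0] - events[i][0] <= window]
            if len({name for _, name in group}) >= min_names:
                bursts[client].append(events[i][0])
            i += len(group)
    return bursts

def periodic_clients(log, period=timedelta(hours=3), tolerance=timedelta(minutes=2), min_repeats=2):
    """Clients whose bursts recur at roughly `period` at least `min_repeats` times."""
    flagged = []
    for client, starts in find_bursts(log).items():
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        if sum(abs(g - period) <= tolerance for g in gaps) >= min_repeats:
            flagged.append(client)
    return sorted(flagged)

if __name__ == "__main__":
    print(periodic_clients(SAMPLE_LOG))
```

A client with a single burst of failed lookups (10.0.0.7 in the sample) is not flagged; only the repeated three-hour spacing is.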
17 February 2009