Sun, Mar 22, 2009 - Page 9 News List

Conficker and the botnet threat

Watch out: Cyber-criminals are at the cutting edge of Internet technology


An extraordinary behind-the-scenes struggle is taking place between computer security groups around the world and the brazen author of a malicious software program called Conficker.

The program grabbed global attention when it began spreading late last year and quickly infected millions of computers with software code that is designed to lash together the infected machines it controls into a powerful computer known as a botnet.

Since then, the program’s author has repeatedly updated its software in a cat-and-mouse game being fought with an informal international alliance of computer security firms and a network governance group known as the Internet Corp for Assigned Names and Numbers. Members refer to the alliance as the Conficker Cabal.

The existence of the botnet has some of the world’s best computer security experts working together to prevent potential damage. The spread of the malicious software is on a scale that matches the worst of past viruses and worms, like the I Love You virus. Last month, Microsoft announced a US$250,000 reward for information leading to the capture of the Conficker author.

Botnets are used to send the vast majority of e-mail spam messages. Spam in turn is the basis for shady commercial promotions including a variety of scams that frequently involve directing unwary users to Web sites that can plant malicious software, or malware, on computers.

Botnets can also be used to distribute other kinds of malware and generate attacks that can take commercial or government Web sites off line.

One of the largest botnets tracked last year consisted of 1.5 million infected computers that were being used to automate the breaking of “capchas,” the squiggly letter tests that are used to force applicants for Web services to prove they are human.

The inability of the world’s best computer security technologists to gain the upper hand against anonymous but determined cyber-criminals is viewed by a growing number of those involved in the fight as evidence of a fundamental security weakness in the global network.

“I walked up to a three-star general on Wednesday and asked him if he could help me deal with a million-node botnet,” said Rick Wesson, a computer security researcher involved in combating Conficker. “I didn’t get an answer.”

An examination of the program reveals that the zombie computers are programmed to attempt to contact a control system for instructions on April 1. There has been a range of speculation about the nature of the threat posed by the botnet, from a wake-up call to a devastating attack.

Researchers who have been painstakingly disassembling the Conficker code have not been able to determine where the author or authors is or are located, or whether the program is being maintained by one person or a group of hackers. The growing suspicion is that Conficker will ultimately be a computing-for-hire scheme.

Researchers expect it will imitate the hottest fad in the computer industry — cloud computing — in which companies like Amazon, Microsoft and Sun Microsystems sell computing as a service over the Internet.

Earlier botnets were designed so they could be split up and rented via black market schemes that are common in the Internet underground, according to security researchers.

The Conficker program is built so that after it takes up residence on infected computers, it can be programmed remotely by software to serve as a vast system for distributing spam or other malware.

This story has been viewed 3274 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top