An extraordinary behind-the-scenes struggle is taking place between computer security groups around the world and the brazen author of a malicious software program called Conficker.
The program grabbed global attention when it began spreading late last year and quickly infected millions of computers with software code that is designed to lash together the infected machines it controls into a powerful computer known as a botnet.
Since then, the program’s author has repeatedly updated its software in a cat-and-mouse game being fought with an informal international alliance of computer security firms and a network governance group known as the Internet Corporation for Assigned Names and Numbers. Members refer to the alliance as the Conficker Cabal.
The existence of the botnet has some of the world’s best computer security experts working together to prevent potential damage. The spread of the malicious software is on a scale that matches the worst of past viruses and worms, like the I Love You virus. Last month, Microsoft announced a US$250,000 reward for information leading to the capture of the Conficker author.
Botnets are used to send the vast majority of e-mail spam messages. Spam in turn is the basis for shady commercial promotions including a variety of scams that frequently involve directing unwary users to Web sites that can plant malicious software, or malware, on computers.
Botnets can also be used to distribute other kinds of malware and generate attacks that can take commercial or government Web sites off line.
One of the largest botnets tracked last year consisted of 1.5 million infected computers that were being used to automate the breaking of “captchas,” the squiggly letter tests that are used to force applicants for Web services to prove they are human.
The inability of the world’s best computer security technologists to gain the upper hand against anonymous but determined cyber-criminals is viewed by a growing number of those involved in the fight as evidence of a fundamental security weakness in the global network.
“I walked up to a three-star general on Wednesday and asked him if he could help me deal with a million-node botnet,” said Rick Wesson, a computer security researcher involved in combating Conficker. “I didn’t get an answer.”
An examination of the program reveals that the zombie computers are programmed to attempt to contact a control system for instructions on April 1. There has been a range of speculation about the nature of the threat posed by the botnet, from a wake-up call to a devastating attack.
Researchers who have been painstakingly disassembling the Conficker code have not been able to determine where the author or authors are located, or whether the program is being maintained by one person or a group of hackers. The growing suspicion is that Conficker will ultimately be a computing-for-hire scheme.
Researchers expect it will imitate the hottest fad in the computer industry — cloud computing — in which companies like Amazon, Microsoft and Sun Microsystems sell computing as a service over the Internet.
Earlier botnets were designed so they could be split up and rented via black market schemes that are common in the Internet underground, according to security researchers.
The Conficker program is built so that after it takes up residence on infected computers, it can be programmed remotely by software to serve as a vast system for distributing spam or other malware.
Several people who have analyzed various versions of the program said that Conficker’s authors were obviously monitoring the efforts to restrict the malicious program and had repeatedly demonstrated that their skills were at the cutting edge of computer technology.
For example, the Conficker worm had already been through several versions when the alliance of computer security experts seized control of 250 Internet domain names that the system was planning to use to forward instructions to millions of infected computers.
Shortly thereafter, in the first week of March, the fourth known version of the program, Conficker C, expanded the number of sites it could use to 50,000. That step made it virtually impossible to stop the Conficker authors from communicating with their botnet.
“It’s worth noting that these are folks who are taking this seriously and not making many mistakes,” said Jose Nazario, a member of the international security group and a researcher at Arbor Networks, a company in Lexington, Massachusetts, that provides tools for monitoring the performance of networks.
“They’re going for broke,” he said.
Several members of the Conficker Cabal said that law enforcement officials had been slow to respond to the group’s efforts, but that a number of law enforcement agencies were now in “listen” mode.
“We’re aware of it,” said Paul Bresson, an FBI spokesman, “and we’re working with security companies to address the problem.”
A report that was to be released on Thursday by SRI International, a nonprofit research institute in Menlo Park, California, says that Conficker C constitutes a major rewrite of the software. Not only does it make it far more difficult to block communication with the program, but it gives the program added powers to disable many commercial anti-virus programs, as well as Microsoft’s security update features.
“Perhaps the most obvious frightening aspect of Conficker C is its clear potential to do harm,” said Phillip Porras, a research director at SRI International and one of the authors of the report. “Perhaps in the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft.”
“In the worst case,” Porras said, “Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt not just countries, but the Internet itself.”
The researchers, noting that the Conficker authors were using the most advanced computer security techniques, said the original version of the program contained a recent security feature developed by an MIT computer scientist, Ron Rivest, that had been made public only weeks before. And when a revision was issued by Rivest’s group to correct a flaw, the Conficker authors revised their program to add the correction.
Although there have been clues that the Conficker authors may be located in Eastern Europe, evidence has not been conclusive. Security researchers, however, said this week that they were impressed by the authors’ productivity.
“If you suspect this person lives in Kiev,” Nazario said, “I would look for someone who has recently reported repetitive stress injury symptoms.”