Wednesday, April 1, 2009

Conficker Worm Reaches Go Time, To No Effect

SAN FRANCISCO — The Conficker Internet worm's feared April Fools' Day throwdown for control of millions of infected PCs stirred lots of panic but came and went with a whimper.

Security experts say some Conficker-infected computers, those poisoned with the latest version of the worm, started "phoning home" for instructions more aggressively Wednesday, trying 50,000 Internet addresses instead of 250. However, security companies monitoring the worm remained successful at blocking the communications.

"We didn't see anything that wasn't expected," said Paul Ferguson, a security researcher at antivirus software maker Trend Micro Inc. "I'm glad April 1 happened to be a nonevent. People got a little too caught up in the hype on that. (The infected computers) didn't go into attack mode, planes didn't fall out of the sky or anything like that."

The worm can take control of unsuspecting PCs running Microsoft's Windows operating system. Tied together into a "botnet," these PCs can be directed to send spam, carry out identity-theft scams and bring down Web sites by flooding them with traffic.

That's why the April 1 change in Conficker's programming was a small twist, and not the end of the story. The network of Conficker-infected machines could still spring to life and be used for nefarious deeds.

One scary element is that Conficker's authors have given the infected PCs peer-to-peer abilities, which allow them to update each other and share malicious commands through encrypted channels. That ability means the computers don't have to contact a Web site at all, and the communications are protected.

And the criminals behind Conficker are likely taking their time.

"The people who are pulling the strings on this are very slow and determined and measured in making modifications to this botnet," Ferguson said. "Basically, they're building a layer of survivability."
