Conficker has wriggled into millions of PCs, leaving them open to receive a nasty parcel of malware from its author. But the worm – shaping up to be the biggest virus attack the world has ever seen - has yet to deliver its payload to a single infected computer. Antivirus experts tell NBR they’re waiting for the other boot to drop.
Peter Sparkes, senior manager for managed security services across Asia Pacific and Japan for Symantec, the largest antivirus player, tells NBR his company has yet to spot a single instance of a PC being hit by a Conficker payload (although the Ministry of Health did take its systems offline during a 15 day battle to root out the worm itself).
The worm works in three stages. In the first, it infects a PC, either online or – in a nice retro touch recalling the days of floppy-borne viruses – a USB thumb drive. Next, it “phones home” to a rogue web server controlled by Conficker’s creator (whom Symantec’s rival F-Secure fingers as a Ukrainian hacker), letting the server know the PC is infected, and now open to receive a payload of malware.
While the malware payload could theoretically be any piece of software, Mr Sparkes notes that unlike the early internet days of show-off hackers and amateur vandals, today’s virus writers are all about making money.
He also notes that Conficker is a very slickly-written piece of software, noted for its uniquely insidious ability to randomly generate 250 server domain names every day (most worms are easier to nab because they “phone home” to a single server).
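The daily-changing rendezvous domains described above leave a trace a defender can look for: an infected host asking its resolver for many names that do not exist. The following detection sketch is added here and is not part of the NBR article or any vendor tool; it counts distinct NXDOMAIN answers per client per day over a constructed resolver log in a hypothetical format, and the threshold of 3 fits only the sample (real data needs a baseline).

```python
from collections import defaultdict

# Constructed resolver log, one query per line: "<day> <client_ip> <domain> <rcode>".
# The format is hypothetical; real resolver logs differ, so only parse_log() would change.
SAMPLE_LOG = """\
2009-03-01 10.0.0.5 updates.example-vendor.test NOERROR
2009-03-01 10.0.0.5 mail.example-vendor.test NOERROR
2009-03-01 10.0.0.9 qkzmwvt.test NXDOMAIN
2009-03-01 10.0.0.9 hprbeqxu.test NXDOMAIN
2009-03-01 10.0.0.9 zzcvpl.test NXDOMAIN
2009-03-01 10.0.0.9 yhqomvra.test NXDOMAIN
2009-03-01 10.0.0.9 yhqomvra.test NXDOMAIN
2009-03-01 10.0.0.9 updates.example-vendor.test NOERROR
2009-03-01 10.0.0.7 typo-of-bank.test NXDOMAIN
"""


def parse_log(text):
    """Yield (day, client, domain, rcode) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)


def nxdomain_counts(records):
    """Count distinct domains that failed to resolve, per (day, client)."""
    seen = defaultdict(set)
    for day, client, domain, rcode in records:
        if rcode == "NXDOMAIN":
            seen[(day, client)].add(domain.lower())  # repeats of one name count once
    return {key: len(domains) for key, domains in seen.items()}


def flag_hosts(text, threshold):
    """Return {(day, client): count} for clients whose distinct failed lookups reach the threshold."""
    counts = nxdomain_counts(parse_log(text))
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (day, client), n in sorted(flag_hosts(SAMPLE_LOG, 3).items()):
        print(f"{day} {client}: {n} distinct unresolved domains")
```

A single typo (10.0.0.7) stays below the bar; a host cycling through generated names (10.0.0.9) rises above it, and with a worm trying hundreds of names a day the gap is far wider than in this sample.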
Mr Sparkes says Conficker (also known as Downadup) is continuing to mutate. One new variant attacks Windows Vista (previously, Windows XP and older versions were more vulnerable). Another hijacks the “autoplay” function in Windows 7 (Vista’s successor, still in beta).
It’s unlikely such a sophisticated operation would not be building up to a major attack.
Typically, today’s malware attempts to sniff out personal details that could provide its author with access to the victim’s bank account or online auction account – or simply holds an individual’s or company’s data to ransom.
So when Conficker’s payload does hit, it’s likely some of the owners of the estimated 3 million (by Symantec’s count) to 9 million (by F-Secure’s) infected PCs are going to see their online accounts looted.
It’s possible Conficker’s author has set a certain date when all infected PCs will be hit in one big-bang attack, which would maximise the rapidly-reconfiguring worm’s chances against being blocked by security software updates. However, it’s equally possible incremental attacks will take place.
Although Conficker is shaping up to possibly be the world’s largest ever virus attack, Mr Sparkes says infections are concentrated in the small business segment, and geographically in China, Russia and South America – countries where there is less security infrastructure, and fewer have applied Microsoft’s relevant Windows patch (covered here) or auto-update their antivirus software.