Computer Experts Unite to Hunt Worm (4 posts)

  1. JohnA
    Member

    i thought this was an interesting story:

    http://www.nytimes.com/2009/03/19/technology/19wor...

    some interesting excerpts that demonstrate how sophisticated these attackers are:

    the program’s author has repeatedly updated its software in a cat-and-mouse game being fought with an informal international alliance of computer security firms and a network governance group known as the Internet Corporation for Assigned Names and Numbers. Members refer to the alliance as the Conficker Cabal.

    I found it interesting that the article starts by talking about the "author" - as if this is the work of a single person - which seems highly unlikely - although later in the article they appear to hedge this bet:

    An examination of the program reveals that the zombie computers are programmed to try to contact a control system for instructions on April 1. There has been a range of speculation about the nature of the threat posed by the botnet, from a wake-up call to a devastating attack. Researchers who have been painstakingly disassembling the Conficker code have not been able to determine where the author, or authors, is located, or whether the program is being maintained by one person or a group of hackers.

    Several people who have analyzed various versions of the program said Conficker’s authors were obviously monitoring the efforts to restrict the malicious program and had repeatedly demonstrated that their skills were at the leading edge of computer technology.

    This is interesting for several reasons - the sophistication of the attackers - and the apparent dedication they are showing in ensuring that the attack moves forward in April. These attackers appear to be highly trained and educated - and appear to be able to stay one step ahead of a world effort to stop them. think about that for a minute.

    For example, the Conficker worm already had been through several versions when the alliance of computer security experts seized control of 250 Internet domain names the system was planning to use to forward instructions to millions of infected computers. Shortly thereafter, in the first week of March, the fourth known version of the program, Conficker C, expanded the number of the sites it could use to 50,000. That step made it virtually impossible to stop the Conficker authors from communicating with their botnet.

    the combination of sophistication and unlawful malicious intent is worthy of note. someone is working overtime to ensure that this criminal behavior moves forward:

    “It’s worth noting that these are folks who are taking this seriously and not making many mistakes,” said Jose Nazario, a member of the international security group and a researcher at Arbor Networks, a company in Lexington, Mass., that provides tools for monitoring the performance of networks. “They’re going for broke.”

    and their efforts are frightening:

    A report scheduled to be released Thursday by SRI International, a nonprofit research institute in Menlo Park, Calif., says that Conficker C constitutes a major rewrite of the software.

    This is not one stray worm on the loose. someone is working very hard to make sure the endgame is realized - and the results could be devastating:

    “In the worst case,” Mr. Porras said, “Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt not just countries, but the Internet itself.”

    and this is REALLY amazing:

    The researchers, noting that the Conficker authors were using the most advanced computer security techniques, said the original version of the program contained a recent security feature developed by an M.I.T. computer scientist, Ron Rivest, that had been made public only weeks before. And when a revision was issued by Dr. Rivest’s group to correct a flaw, the Conficker authors revised their program to add the correction.

    'cutting edge' seems like an understatement in this case. 'one step ahead' of the cutting edge seems more apropos.

    Does any of this seem like an April Fools joke?

    what exactly is this malicious worm going to do on April 1st? Could we be catching the first whiffs of a digital Pearl Harbour in the making - or the most sophisticated Viagra campaign yet?

    Posted 15 years ago #
  2. JohnA
    Member

    And from The National Business Review:

    http://www.nbr.co.nz/article/conficker-worm-worst-...

    Conficker has wriggled into millions of PCs, leaving them open to receive a nasty parcel of malware from its author. But the worm – shaping up to be the biggest virus attack the world has ever seen - has yet to deliver its payload to a single infected computer. Antivirus experts tell NBR they’re waiting for the other boot to drop.

    also interesting to note that since this article was written in January the worm underwent a major rewrite of the code - to ensure its success. If it was described as the biggest virus attack the world has ever seen in January - what does the new March incarnation of the worm have in store for us?

    Posted 15 years ago #
  3. mark
    Member

    Yes, Microsoft Windows is a security problem.

    But there are other ways to run computers, which the media often forgets.

    Posted 15 years ago #
  4. truthmover
    Administrator

    New article in Gizmodo about Conficker.

    http://i.gizmodo.com/5183751/giz-explains-how-a-br...

    Posted 15 years ago #
