Slashdot Mirror


Conficker Worm Could Create World's Biggest Botnet

nk497 writes "The worm that's supposedly infected almost nine million PCs running Windows, dubbed Conficker or Downadup, could lead to a massive botnet, security researchers have said. The worm initially spread to systems unpatched against MS08-067, but has since 'evolved and is now able to spread to patched computers through portable USB drives through brute-force password-guessing.'"

8 of 220 comments

  1. Re:follow the money. by calmofthestorm · · Score: 4, Insightful

    It should not be that hard to follow the money generated by this malware. Infecting 8 million PCs should be a crime.

    It's a crime if it's spammers. It's not a crime if it's government or content industry.

    Bitterness aside, the main problem is that usually the people doing it are in a country where it is, for a number of reasons, difficult to track them down. Still, I agree that, short of keeping your OS up to date (if you /must/ use Windows), following the money is the best approach.

    --
    93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
  2. Re:ISP Blacklists by Urd.Yggdrasil · · Score: 3, Insightful

    This would only work for centralized command-and-control mechanisms. More sophisticated bots use decentralized P2P-type communication, as was the case with the Storm worm last year. Conficker uses a built-in mechanism to generate new domains to contact each day, and while security firms are deploying blacklists based on the generator code, it could easily be changed in a new variant. This is of course not taking into account the difficulty one would have in getting ISPs to maintain a list of blacklisted domains that changes day to day.
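
Added example (not part of the comment above, and not Conficker's actual generator): a stand-in date-seeded domain generator showing how a defender precomputes a blocklist from recovered generator code and matches DNS query logs against it, and why a variant with a changed seed is missed by the same list. The seeds, TLD list, date and log lines are constructed.

```python
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org", "info", "biz")  # constructed list, for illustration

def daily_domains(day, seed, count=20):
    """Stand-in generator: deterministic domains from (seed, date, index)."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).digest()
        length = 8 + digest[0] % 4                      # labels of 8-11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        out.append(f"{label}.{TLDS[digest[15] % len(TLDS)]}")
    return out

def build_blocklist(start, days, seed):
    """Precompute every domain the known generator emits over a date window."""
    blocked = set()
    for offset in range(days):
        blocked.update(daily_domains(start + timedelta(days=offset), seed))
    return blocked

def flag_queries(log_lines, blocklist):
    """Return (client_ip, domain) for DNS queries that hit the blocklist."""
    hits = []
    for line in log_lines:
        _ts, client, qname = line.split()
        if qname.rstrip(".").lower() in blocklist:
            hits.append((client, qname))
    return hits

KNOWN_SEED = "variant-a"   # hypothetical seed recovered from an analysed sample
NEW_SEED = "variant-b"     # hypothetical seed used by a later variant
TODAY = date(2009, 1, 20)  # constructed date
BLOCKLIST = build_blocklist(TODAY, 7, KNOWN_SEED)  # one week of lookahead

# Constructed DNS query log: time, client IP, queried name.
SAMPLE_LOG = [
    f"09:00:01 10.0.0.5 {daily_domains(TODAY, KNOWN_SEED)[3]}",  # known variant
    "09:00:02 10.0.0.6 slashdot.org",                            # benign lookup
    f"09:00:03 10.0.0.7 {daily_domains(TODAY, NEW_SEED)[3]}",    # changed seed
]

if __name__ == "__main__":
    for client, qname in flag_queries(SAMPLE_LOG, BLOCKLIST):
        print(f"blocklisted lookup from {client}: {qname}")
```

Only the host querying the known variant's domain is flagged; the host running the changed-seed variant looks clean until its generator is recovered and the list rebuilt.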

  3. Re:How can it spread through USB sticks? by ChienAndalu · · Score: 3, Insightful

    I really hate Microsoft for this kind of stupidity. They could have just made an option "autorun program from USB stick" with nothing customizable about it.

  4. Re:follow the money. by Richard+W.M.+Jones · · Score: 5, Insightful

    It's not like the FBI and Interpol are going to look at the bogus whois information and throw their hands up and say "oh noes". They can go and raid the registrar's offices and find out what IPs registered the domain, what credit cards (stolen or not) were used, and if they were stolen, where from and when. Furthermore the worm has a whole list of websites, so every single one of those can be checked in the same way, and even if they are all hijacked, there will be hundreds of potential clues about the perpetrators.

    Personally, I am sick of spammers attempting to add comment spam to sites that I run, signing up for bogus accounts, sending massive amounts of spam, continuously trying ssh connections, running exploits, etc.; the list goes on. The police need to do something to help us.

    Rich.

  5. Re:follow the money. by timmarhy · · Score: 4, Insightful

    agreed 100%. until some serious pound me in the ass prison time is handed out to more than a few of these guys, it won't stop. better coordination with isps is also the answer here, once these virus/spam sites are identified, for fuck's sake blacklist them. this simple act would stop 100,000s of infected pcs from giving up information, making the whole venture less profitable.

    --
    If you mod me down, I will become more powerful than you can imagine....
  6. Re:follow the money. by mlush · · Score: 5, Insightful

    Personally, I am sick of spammers attempting to add comment spam to sites that I run, signing up for bogus accounts, sending massive amounts of spam, continuously trying ssh connections, running exploits, etc.; the list goes on. The police need to do something to help us.

    Rich.

    I think you should be careful what you wish for. The Police could do something; they could turn the Internet into a Police State.

  7. Re:Patch and Pray: Windows is a costly liability by Spad · · Score: 4, Insightful

    *ALL* operating systems must be constantly patched to protect against the "latest" threats. Windows just gets the majority share of attention because there are millions of Windows boxes, many unpatched, many owned and operated by computer-illiterate users who have little or no interest in securing them (and even in Vista, which is a vast improvement on XP from a security perspective, the default security leaves a lot to be desired).

    Ok, they are *usually* less serious than this particular vulnerability, but my Ubuntu box downloads "critical" updates at least once a week on average.

    Microsoft have made a lot of bad design decisions in their products, often in order to thwart competition, but them actually being incompetent or negligent, especially in recent years, is a lot harder to prove.

  8. Re:Patch and Pray: Windows is a costly liability by Abcd1234 · · Score: 3, Insightful

    The only reason why there hasn't been a class action lawsuit against Microsoft for their incompetence is that many misguided people STILL think that every 20 minutes of MS Word is worth 1 week of their time spent Patching and Praying and trying to recover data.

    Actually, I think it's more fundamental than that. I think the last 20 years of Microsoft dominance have convinced people that this is the *only way computers can work*. That it's impossible to do any better. So they've learned to live with the instability, the insecurity, the constant fear of losing work due to mysterious crashes and instabilities.

    Heck, just look at the praise lavished on XP. Compared to 95, XP is a quantum leap in terms of stability. And yet, in my experience, it's only just adequate. But compared to what people were used to, it's amazing!