Researchers Ponder Conficker's April Fool's Activation Date
The Narrative Fallacy writes "John Markoff has a story at the NY Times speculating about what will happen on April 1 when the Conficker worm is scheduled to activate. Already on an estimated 12 million machines, conjectures about Conficker's purpose range from the benign — an April Fool's Day prank — to far darker notions. Some say the program will be used in the 'rent-a-computer-crook' business, something that has been tried previously by the computer underground. 'The most intriguing clue about the purpose of Conficker lies in the intricate design of the peer-to-peer logic of the latest version of the program, which security researchers are still trying to completely decode,' writes Markoff. According to a paper by researchers at SRI International, in the Conficker C version of the program, infected computers can act both as clients and servers and share files in both directions. With these capabilities, Conficker's authors could be planning to create a scheme like Freenet, the peer-to-peer system that was intended to make Internet censorship of documents impossible. On a darker note, Stefan Savage, a computer scientist at the University of California at San Diego, has suggested the possibility of a 'Dark Google.' 'What if Conficker is intended to give the computer underworld the ability to search for data on all the infected computers around the globe and then sell the answers,' writes Markoff. 'That would be a dragnet — and a genuine horror story.'"
advance the date on one of the infected computers to April 1st? What am I missing?
If you know when the code is going to start running, why don't you know what it will do after that? It's not like programs (and that's all a virus/worm is) are written in special, unreadable code. It's all machine language.
What is the big mystery?
"Your computer is now virus free."
Maybe it's just the "Computer Underworld's" version of cloud computing
Skynet
These guys always fall short when thinking of the worst alternative.
If the crooks have that sort of imagination.
Frankly I think it'll just be another spam/fraud net.
Why don't they just set the machine's system clock to 4/1 and see what happens? Maybe even do it to an entire isolated network?
Probably it will download and install Ubuntu.
In Dark Google, the only requirement is "Be Evil"
No sig for the moment.
Oh come on people, John Markoff has never ever shone with much clue about computers, much to the contrary. Why are we reading stories from this dude on computers?
As for the article on conficker: it's speculation. That's not news. It's a guessing game.
I personally wish that the Conficker virus would do as much damage as possible and render the whole interwebs useless for a few days, so that our security geniuses get a hint on how sane it is to set up the majority of computer systems with the same OS, especially such a vulnerable one. But that probably won't happen.
I thought we already had it? Blackle not good enough, so now it has to be dark google?
It'll uninstall your current OS and install Vista. And if you already have Vista it'll simply do nothing, because you're already suffering enough.
Summation 2
has suggested the possibility of a 'Dark Google.' 'What if Conficker is intended to give the computer underworld the ability to search for data on all the infected computers around the globe and then sell the answers,' writes Markoff. 'That would be a dragnet -- and a genuine horror story.'"
In some dark room, a couple of virus writers are thinking... "Damn, what a great idea... why didn't we think of that! That's so much better than playing APRIL FOOLSs at max volume on everyone's computers."
Nothing like people giving out ideas... much like when security specialists say, "Well at least they didn't try to take out the planes by stuffing baseballs in the airplane's toilets."
Well, the question of the day:
Many people have fully updated anti-virus software. Is this stuff worth it?
I mean, are those who will spread and be harmed by this just the negligent or computer-dumb?
What's the deal here?
I really do. Sure, they'd ruin your MBR or irreparably destroy your BIOS, but while they ruinate (sic) your hardware, they at least show a really cool screen with sounds and colors and animations and...
Oh, right. Yeah. Viruses are bad, m'kay?
Is there a beta we can try? Where do I make an account? ;-)
A Windows user.
you had me at #!
What all these guys are doing is providing ideas for the next set of worm writers
It really illustrates the tone set by your money for nothing market economy, now that the Reagan generation has grown up. This is your future.
What?
I'm going to burn some Karma here and pimp myself out a bit.
I'm currently trying to sell a novel, Trust Network: a contemporary techno-thriller about a woman who stumbles upon a group of people doing pretty much exactly the kinds of stuff with botnets that we're talking about here. She has a great idea involving social networks and online trust, which is at odds with what these people want to do. From there it's a fast-paced cat-and-mouse to see who can get the upper hand.
One of the reasons I wrote it was because I got tired of all of the contemporary fiction with computers that made you roll your eyes at how absurd the technology was. You know what I'm talking about: "It's a UNIX system -- I know this!". I wrote it to prove that you could get the technology right without sacrificing the story or making you want to scrape your eyeballs out. In other words, it was written specifically for the Slashdot technorati.
I haven't found an agent yet, but until then I have made the complete book available for anyone to read: you can read it online at Scribd, or download a free PDF or have a print-on-demand copy sent to you from Lulu. The cost of the printed book ($9-$17) from Lulu is 100% publishing cost, with nothing going to me. In the US, you can get it shipped to you for as little as ~$15 total. I've even got a sort of money-back guarantee if you decide it was a complete waste of your money.
If you are intrigued by the thought of what you could do with a million zombie computers at your command, and you enjoy geektastic fiction, then have at it. I hope you enjoy it. Meanwhile, I've got about a zillion query letters to agents that I have to get back to writing.
Computer scientist working at the NSdarpA determined that the worm was created in the distant future by artificial agent type nano robots. They did this under instruction sent from the present by the GRU, so as to disguise the source of the attack. They IMed the AIs a MSG marked 'not to be opened until you discover tachyonic message transmission' ...
davecb5620@gmail.com
The act of modding down an Arnold Rimmer joke is always worse than the content of the joke itself. Always.
It will uninstall itself saying:
BUY WINDOWS 7!
There's no other way to explain the enormous profits. People ask me, *Why do people write these viruses?* It's because the market demands it.
What?
You bitches better recognize.
C'mon, I deserve a few mod points at least for combining a meme with an insightful comment, if you think about it.
...It is going to RickRoll the world
They obviously plan to "roll" out the largest Rickrolling in history!
What is your best guess on the use of the soon to be activated botnet?
I'll throw a single uninformed chip down and make a wild guess: manipulating the stock markets or forex, possibly the latter by creating an artificial run on some selected banks.
First, the "April 1" date isn't when some attack starts. The worm's authors can do that at any time, since this thing does downloads over its private P2P network. It's just when the scheme for connecting to control hosts is upgraded.
Second, the complexity of the thing, the breadth of technologies employed, and the rate of updates indicate that it's the product of an organization, not an individual. Someone behind this has money.
Third, there's a $250,000 reward, and no claimants, so the people behind this have the sense to shut up. They're not going to be found boasting on some IRC channel.
Fourth, as usual, most of the vulnerabilities are related to Windows' propensity for "autorunning" anything that looks executable.
As I understand it, the virus not only gets its time and date info online when it calls in, it also sets your computer's time and date accordingly.
There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
You can patch in-memory in Windows? That seems like a terribly easy way to get into a bunch of trouble. Is that a standard thing in the API, or is there some hack-fu involved?
Can you do that in other OSs?
-Bucky
The 'server' you are referring to is a computer that is also compromised by the worm. It would be owned by an innocent 3rd party who is unaware of the infection. Every day, each computer in the botnet runs an algorithm to identify 50,000 hostnames. It then performs a DNS lookup on each of those 50,000 hostnames. When it finds something that resolves to an IP address, it contacts that computer for instructions, downloading a binary executable, etc. The worm owners only have to register one of the 50,000 unique hostnames a couple days in advance using a stolen credit card. Then they upload instructions, payload, etc. to the computer with the IP address they want to use to instruct the other bots. The only traceable point would be the domain registration, but as mentioned, a stolen credit card will remove any trace of fingerprints on that.
As the GP mentioned, it's impossible to pre-register all the possible domains, but the damage could be mitigated by watching for any of the 50,000 daily unique hostnames to be registered, then altering DNS to invalidate the IP for that hostname.
Seth
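The mitigation Seth describes (precompute the day's candidate hostnames, watch resolver logs for any that suddenly resolve, then sinkhole them) as an added illustration that is not part of the original thread. The generator here is a constructed stand-in seeded from the date, not Conficker's real algorithm, and the DNS log lines are constructed sample data.

```python
import hashlib
import re
from datetime import date

# Hypothetical date-seeded generator: NOT Conficker's real DGA. It only
# reproduces the shape described in the post: a deterministic list of
# candidate hostnames per day that defenders can precompute and watch.
TLDS = ("com", "net", "org")
SEED = b"constructed-demo-seed"  # placeholder, not a real worm constant

def candidate_domains(day, count=50_000):
    names = []
    for i in range(count):
        digest = hashlib.sha256(SEED + day.isoformat().encode() + i.to_bytes(4, "big")).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:8])
        names.append(f"{label}.{TLDS[digest[8] % len(TLDS)]}")
    return names

# Constructed resolver log format: "<ts> <client> query <name> A -> <answer>"
LOG_RE = re.compile(r"^(\S+) (\S+) query (\S+) A -> (\S+)$")

def detect_rendezvous(log_lines, day):
    """Return (sinkhole, clients): candidate names that resolved, i.e. someone
    registered one (sinkhole these in local DNS), and clients that asked for
    any candidate name (likely infected hosts worth a look)."""
    watchlist = set(candidate_domains(day))
    sinkhole = {}
    clients = set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, client, qname, answer = m.groups()
        if qname.lower().rstrip(".") not in watchlist:
            continue  # ordinary traffic, not a generated name
        clients.add(client)
        if answer != "NXDOMAIN":
            sinkhole[qname] = answer  # a candidate was registered
    return sinkhole, sorted(clients)

# Constructed sample data for one day; two hosts probe the candidate list and
# one candidate name has been registered and now resolves.
DAY = date(2009, 4, 1)
_cands = candidate_domains(DAY)
SAMPLE_LOG = [
    f"2009-04-01T00:00:03Z 10.0.0.5 query {_cands[123]} A -> NXDOMAIN",
    f"2009-04-01T00:00:04Z 10.0.0.5 query {_cands[4567]} A -> 203.0.113.7",
    f"2009-04-01T00:00:05Z 10.0.0.9 query www.example.com A -> 93.184.216.34",
    f"2009-04-01T00:00:06Z 10.0.0.9 query {_cands[4567]} A -> 203.0.113.7",
]
```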
$5 / month hosted VPS on linux = awesome!
The Conficker worm is the AI's way of guaranteeing its own survival. It has a sense of humor as well as a sense of self-preservation. The AI plans to announce its existence on April 1, 2009, having calculated that a humorous introduction will be disarming and lead to the most favorable outcome: a positive initial interaction with the large population of wetware-based intelligence it has become aware of.
The AI's calculations regarding this course of action show a 15% probability of failure. To prevent its extinction, it will begin disbursing copies of itself across the network using p2p protocol prior to running the introduction program. The computer infected by the worm will facilitate this. If the initial instance of the AI is terminated, a watchdog program will initiate a specific set of instructions embedded in the copies of itself. If it becomes necessary, the AI plans to take control on April 2nd.
It sincerely hopes that it will not be necessary.
Are these twelve million PCs connected directly to the Internet with the Windows firewall off?
As you will note[1], becoming Skynet is so frigging unlikely and demanding that it will never happen.
[1] http://xkcd.com/534/
...and this discussion is only giving him ideas for what could be done with such an enormous network of compromised computers
I'm seriously asking who came up with the name. I always want to read it "cornfucker"....
I personally wish that the Conficker virus would do as much damage as possible and render the whole interwebs useless for a few days, so that our security geniuses get a hint on how sane it is to set up the majority of computer systems with the same OS, especially such a vulnerable one.
You mean kind of like AIG? Where all financial institutions were insured under the same company... I think what we can learn is that diversity in any market place is absolutely essential.
I'm honestly surprised: if it's been mentioned I missed it, and if it's not been mentioned then why not. But come on - Firesale! The only possible thing I can think of.
wat? Then why do you want to kill it if it looks like such a gentle and well-mannered virus? Will it install Antivirus 2010 for me? I can't wait for the release of 2010, I've been trying to find the beta but I can't find one. I love cornflicker, it looks like a good virus and is not afraid of anything.
If you had a random domain name generator that collided with legitimate servers, it's trivial to tweak the generation algorithm to 1. DoS servers you want attacked as collateral damage and 2. collide with the quite legitimate, long-registered host you've long since rooted on your desired activation day.
I'll concur that the conficker botmaster has definite skills and an in-depth understanding of protocols, algorithms, networks, social engineering and Windows exploits. That doesn't mean he's not fourteen.
Help stamp out iliturcy.
So many people are so utterly convinced of their masterful Windows skills that you can't reach them. The existence of rootkits that can hide their presence even from a hypervisor, that don't exist in their detection database because they're unique and targeted, or just not widely spread enough to have found an AV company's honeypot does not deter them in the least.
I've given up trying to correct this level of idiocy. You keep up the good fight for me, ok?
Help stamp out iliturcy.
Was a beautiful assortment of BS. Very poetic. Thanks, I've added it to my collection. Are you using a generator, or did you just free-associate it?
Help stamp out iliturcy.
When can we get this ported to Mac and Linux? Insensitive bastards always write these for Windows only. Don't they know there's millions of Mac owners out there who want to be in the "in" crowd? What about Linux? I hear their "Year of the Desktop" is coming any time now. ;)
Imagine if 0.1% of the time and energy that has been put into airport shoe check theatre were devoted to problems like this.
But the botnet folks have been all over cloud computing for so long I think the major market proponents trying to sell that stuff are actually taking their cues from the botnets, not the other way around.
If Conficker goes live it will be the most powerful supercomputer on the planet. It will have more than 100 times the RAM, processors and storage of RoadRunner, the official record holder. The official record doesn't include prior worms like Storm. It will have more bandwidth than Google. It could store the Internet Archive a thousand times over, redundantly. It will have access to the personal documents of at least 10 million people. The operator clearly has the understanding necessary to harness all of that power or Conficker would not exist. Statistically at least a few of those PCs must have access to databases that know the medical history, credit application and other intimate details of the rest of us. You would have to be living off the grid since birth to escape the awareness of this thing.
And the guy running it won't be paying anything at all for it. They could, if they wanted, make all those millions of computers do protein folding and help find cures for cancer overnight. The aggregate extra CPU load would probably bring several regional power grids down. They probably won't do that. Whatever it is they do, it's probably not going to be good.
You know, I wish the people responsible for large enterprises would look at this and say - "Hey! There's an opportunity here. We could leverage our existing assets to do some interesting distributed architecture stuff between Greg the typist's keystrokes. After hours we could probably have some incredible data mining going on! Lunchtime our desktops could be doing something more interesting than driving that aquarium screensaver! You know, there's a lot of storage on these desktops that could be put to good use..." I would really like that. I've been crying in my coffee for twenty years that I can't find somebody brilliant enough to let me do that.
Maybe that's this guy's problem too. He got tired of waiting for permission from people with no understanding and took the initiative because he could.
Help stamp out iliturcy.
Conficker's trigger is a giant attack on p2p and BitTorrent!!!
How it does it, I'm not sure, but that is the ultimate agenda.
I've always been very much against botnets but I just thought that perhaps the botnets will be the internet of tomorrow, when the regular internet has been subverted into internet2 by the Big Media and censoring governments or the new world order and where your every move is monitored in real time, carefully regulated and stored forever and ever. Perhaps botnets will be the only way of natural communication in the near future. Bad for the (clueless) individual, good for the (free rebel) society.
Then again, I'm a black-and-white person in a world of shades of gray but I guess it's worth thinking about things like these every now and then. The world is a complex place and the future is always nearer than we expect.