Slashdot Mirror

← Back to Stories (view on slashdot.org)

Has Conficker Been Abandoned By Its Authors?

Posted by CmdrTaco on from the don't-leave-me-daddy dept.

darthcamaro writes "Remember Conficker? April first doom and gloom and all? Well apparently after infecting over five million IP addresses, it's now an autonomous botnet working on its own without any master command and control. Speaking at the Black Hat/Defcon Hat security conference in Las Vegas, Mikko Hypponen, chief research officer at security firm F-Secure, was told not to talk in detail about the Conficker gang — the problem is that not all researchers were under the same gag order. Just ask Roel Schouwenberg, senior anti-virus researcher at security firm Kaspersky, who says 'The Conficker botnet is autonomous; that is very strange in itself that they made Conficker replicate by itself. Now it seems like the authors have abandoned the project, but because it is autonomous, it can do whatever it wants and it keeps on trying to find new hosts to infect.'"

5 of 174 comments (clear)

  1. Translated: by winkydink · · Score: 5, Insightful

    We have no idea who is behind this or what they intend to do so we will continue with wild-ass speculation in order to keep our companies in the news.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

  2. How is this 'autonomy' any different... by PrimaryConsult · · Score: 5, Insightful

    from any other virus? Last I checked, any effective virus has a mechanism to spread/replicate by itself, whether to other IPs on the same subnet or via AIM or USB drives or what have you. In April and may I scanned my network of ~8500 completely user-controlled machines and found a grand total of 4 confirmed infected. The IRC bots spread via AIM links were more prevalent.

  3. This is a real worry. It may be military. by Animats · · Score: 5, Insightful

    When enough users have been lulled into inaction and enough machines have been taken over, the enemy will strike. Meanwhile, the operators may be sending commands to specific PCs of interest. Security researchers might not be picking up commands targeted to only a few machines.

    Most anti-virus defense efforts assume the enemy is only marginally competent and has no strategic goal. It's clear from what's known about the Conflicker attack that the enemy is significantly more competent and better funded than those behind previous viruses. The Conflicker attack was updated frequently until it was deploying itself successfully despite defensive efforts. Once the attack continued to grow despite defensive efforts, the updates stopped. That's not loss of interest, that's operational art.

    This thing behaves like it has military tactical planning behind it.

  4. Re:This is a real worry. It may be military. by Opportunist · · Score: 5, Insightful

    Actually, most AV researchers do take their "enemies" serious. Malware writers are competent. If only because they manage to use security holes which require quite a bit of intimate knowledge of the machines (and the OS) you try to infect.

    It's not a secret that most malware writers do have a goal by now: Money. The days of the pimple-faced kiddy sitting in the basement and, out of frustration of not getting laid, releasing some worm on the world. That's so 90s.

    What's right is that AV research usually targets the "mass market", at least when it comes to AV development. If you're working for strategic targets, you usually can't make a big speech out of it, neither military nor government nor financial services like you blabbing about how insecure their setup is. So any commands issued only to a small subset of the botnet would probably go unnoticed.

    While we're pissing in the wind anyway, allow me to add mine: How about this whole deal being a targeted attack, and they just waited for their designated target becoming infected.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Re:What? by sabernet · · Score: 5, Insightful

    Watch the series again. S.A.C. has nothing to do with a virus becoming self aware. It's actually a collective of individuals who believe to be acting autonomously but, in reality, are all following a pattern mimicking individual intent by a single entity.

    The Laughing Man was originally a single hacker, but once he stopped his activities, a group of others took it from there and their actions collectively created another Laughing Man.

    It's basically digital gestalt-ism combined with neural networking where each human is a node in the larger network without being aware of the whole.

    Sort of like 4chan, but much less horrible ;)