Privacy, Security & Virus Information

Where Does Conficker Come From?
The hunt is on for the Conficker worm, and it’s not only Microsoft that is keen to find its origins. The company is particularly frustrated because the worm is designed to attack Windows-based operating systems, and the Seattle-based software giant has put up a reward of $250,000 for information leading to the people behind it.
Computer security firms are also working hard to find the perpetrators and protect computers from a Conficker attack.
There are many rumours circulating about the worm’s origins, and a Vietnamese computer security firm believes that it may have originally come from China, although there have been many other reports that it actually comes from Russia or mainland Europe.
The Chinese connection is based on a thorough analysis of the worm’s coding. The Vietnamese firm found that the Conficker code is very similar to that of an earlier virus, Nimda, which in 2001 caused so much trouble on the internet and with email traffic. Nimda was claimed to have come from China, although no hard evidence was ever provided.
And guessing at its origins is hardly going to help the international effort to rid the world of Conficker.
The reason this worm is receiving so much attention is that it acts as a portal for other malware. In other words, the Conficker worm acts as an assault troop, working ahead, penetrating a computer and knocking out its defenses. Initially it took advantage of a security hole which affected all 32-bit and 64-bit Windows operating systems. And it even attacked those with the latest service packs.
The worm used the hole to penetrate the computer via a memory stick, a local network, or the internet, and it did so without any external control. Once it has penetrated the computer, Conficker sets about switching off the computer’s security controls, preventing security updates and disabling various applications designed to stop it. In short, it acts as a hostile parasite which renders its host open to attack.
And once it opens the door, it welcomes in other pieces of code that allow the originator of the worm to upload any information it requires, including passwords and financial and personal details.
What’s worse is that Conficker updates itself from randomly generated domains that it has itself created. The number of domains it can generate is more than 50,000 a day, so the operator of the worm needs only to use one of the domains to control and secure the update.
And its ability to update via any one of thousands upon thousands of domains makes it so difficult for the teams chasing it to close it down.
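As an added illustration (not part of the original article), here is one defender-side way to spot this behaviour in DNS resolver logs: a host working through a list of generated domains produces many failed lookups for random-looking names before it reaches the one that resolves. The log format, the thresholds and every sample line below are assumptions constructed for this example.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "<client> <name> <rcode>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.org NOERROR
10.0.0.5 printer.example.net NXDOMAIN
10.0.0.9 wpad.corp.example NXDOMAIN
10.0.0.9 www.corp.example NXDOMAIN
10.0.0.9 mail.corp.example NXDOMAIN
10.0.0.9 ntp.corp.example NXDOMAIN
10.0.0.9 time.corp.example NXDOMAIN
10.0.0.23 qxkvhzpwtn.example NXDOMAIN
10.0.0.23 bfjrmsdylc.example NXDOMAIN
10.0.0.23 wzgpnqkhtv.example NXDOMAIN
10.0.0.23 ydmxcrjbsf.example NXDOMAIN
10.0.0.23 hnlvtkqzwg.example NXDOMAIN
10.0.0.23 pjcsxrdymb.example NOERROR
"""

def entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def flag_dga_clients(log_text, min_failed=5, min_entropy=3.0):
    """Return {client: (distinct failed names, mean label entropy)} for
    clients with many failed lookups of random-looking names."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, rcode = parts
        if rcode == "NXDOMAIN":
            failed[client].add(name.lower().rstrip("."))
    flagged = {}
    for client, names in failed.items():
        # Score only the leftmost label, where generated names differ
        scores = [entropy(n.split(".")[0]) for n in names]
        mean_h = sum(scores) / len(scores)
        if len(names) >= min_failed and mean_h >= min_entropy:
            flagged[client] = (len(names), round(mean_h, 2))
    return flagged

if __name__ == "__main__":
    print(flag_dga_clients(SAMPLE_LOG))
```

The entropy threshold is what separates 10.0.0.23 from 10.0.0.9, a host that also fails five lookups but for ordinary short names such as `wpad` and `ntp`.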
Cyber crime experts are also warning people not to become complacent about Conficker’s much-heralded update and outbreak on 1st April. They warn that this date might itself be a ruse: people who think they prevented an attack on that day may let their guard down before the worm actually does attack.
But it’s not all doom and gloom. On the plus side, cyber crime experts state that in some ways the problem is contained to around 12 million or so computer users worldwide, as they already have a Conficker variant on their computer and are connected to the internet. The latest version of Conficker is basically an update and is looking for code already out there.
And it proves a point: if a computer user wants to keep their machine free from such nasties as Conficker, they had best invest in a very good anti-virus software programme, with regular updates.