April 1, April Fool's Day, is a day of practical jokes (are you ready?). The first day of April 2009, however, is also the day security analysts around the world will be watching to see what happens to thousands of computers because of the Conficker C worm. The Conficker C worm spreads through malicious websites, unreliable downloads, and infected USB drives. Conficker's early versions have already spread to approximately 12 million computers, and machines carrying the older versions of the worm have been upgrading themselves to the Conficker C version to protect themselves from detection and removal. The Conficker C worm presents itself as a Dynamic Link Library (DLL), which is strictly a Windows entity, so it is not a threat to Macintosh or Linux based computers.
Once a computer is infected by Conficker, it can be controlled by the creator of the worm. The computer becomes part of a botnet of many infected computers that take orders from those who control them. A botnet, or robot network, is a group of web-linked computers, sometimes called zombies, which have been commanded to perpetrate all kinds of online nastiness. Typically, a bot is installed on a machine through a Trojan, a dangerous program that can find its way into an insufficiently protected computer in a variety of ways, such as when a user clicks on a link to an infected web page or e-mail message, views an infected document, or runs an infected program. Once the bot has made itself at home, it opens the doors of its new host computer to its master, who can instruct the machine to engage in various immoral activities, such as sending out spam and phishing emails or launching Distributed Denial of Service (DDoS) attacks. It might also gather personal information, install malicious software on the computer, and attack or infect other computers.
But what is the difference between a virus and a worm? A virus is a small program, written to alter the way a computer operates, that enters your computer inside a file. Viruses replicate and can cause system crashes and data loss. A worm is a type of virus that enters a computer through a weakness in the computer system and multiplies by using network flaws. Worms can replicate from system to system without a host file.
The Conficker C worm is scheduled to come alive on April 1, 2009. So tomorrow, copies of the malicious code on infected computers will try to generate and connect to 50,000 web URLs a day from 110 domains around the world while trying to reach a command and control domain for further instructions. A coalition of internet groups and businesses led by Microsoft has offered a US$250,000 reward for information leading to the arrest of those responsible. In the meantime, make sure you have the proper Windows security updates and anti-virus software installed. A security scan is available on Microsoft's Web site here (it only works with IE).
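As an added example (not part of the original post), here is one way a network defender could look for the lookup pattern described above in DNS logs: a machine that asks for far more distinct names in a day than its peers, most of which do not exist. The log format, addresses, host names and thresholds are assumptions constructed for this example.

```python
from collections import defaultdict


def make_sample_log():
    """Constructed log lines in the assumed form 'date client name rcode'."""
    lines = []
    # Ordinary workstation: a few names, all of which resolve.
    for name in ("mail.example.com", "www.example.org", "intranet.example.net"):
        lines += [f"2009-04-01 10.0.0.5 {name} NOERROR"] * 5
    # Busy but benign machine: many distinct names, all of which resolve.
    for i in range(250):
        lines.append(f"2009-04-01 10.0.0.7 site{i:04d}.example.com NOERROR")
    # Suspect machine: many distinct names, almost none of which exist.
    for i in range(300):
        rcode = "NOERROR" if i % 100 == 0 else "NXDOMAIN"
        lines.append(f"2009-04-01 10.0.0.9 host{i:04d}.example.test {rcode}")
    return lines


def flag_clients(lines, min_distinct=200, min_nx_ratio=0.8):
    """Return {(date, client): (distinct_names, nx_ratio)} for noisy clients.

    A client is flagged only when it exceeds BOTH thresholds on one day:
    many distinct names alone is normal for a busy machine, and a few
    failed lookups alone is normal for a machine with a typo in a setting.
    """
    names = defaultdict(set)
    total = defaultdict(int)
    failed = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of guessing at them
        date, client, qname, rcode = parts
        key = (date, client)
        names[key].add(qname.lower().rstrip("."))
        total[key] += 1
        if rcode == "NXDOMAIN":
            failed[key] += 1
    flagged = {}
    for key, seen in names.items():
        ratio = failed[key] / total[key]
        if len(seen) >= min_distinct and ratio >= min_nx_ratio:
            flagged[key] = (len(seen), round(ratio, 2))
    return flagged


if __name__ == "__main__":
    for (date, client), (count, ratio) in flag_clients(make_sample_log()).items():
        print(f"{date} {client}: {count} distinct names, {ratio:.0%} not found")
```

Thresholds like these need tuning against a site's own baseline, since resolvers, mail servers and proxies legitimately look up many names.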
But the question is: what is the purpose of Conficker C? No one has any idea what, if anything, it will do, or whether it will turn out to be anything more than an April Fool's Day joke or an unthinkable computer disaster.
-Heather
Author's Note: This was submitted to the blog by Heather, one of our correspondents.
Editor's Note: For more blogs from Dr. Rabiah, visit Science Chicago's website at: http://www.sciencechicagoblog.com