
Aardvark Daily

The world's longest-running online daily news and commentary publication, now in its 30th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2025 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk




Conficker still confounding

23 September 2009

Do you remember the Conficker worm that was going to bring the internet to a grinding halt a few months back?

The world breathed a sigh of relief when the predicted apocalypse never eventuated and it appeared as if the worm, for all its sophistication, was simply another attempt to create a new spambot network.

Well, according to the latest reports, Conficker isn't finished yet and there are still around five million computers that remain infected and connected.

And, despite the best efforts of some of the brightest in the field, nobody has been able to fully crack the mechanisms behind Conficker in a way that would allow this still-ticking time-bomb to be defused.

So should we be worried?

Despite its relatively benign activity to date, Conficker still has the power to cripple a huge swathe of the net through a concerted denial of service attack, if that's what the creators choose to do with it.

It's also possible that vast amounts of data could effectively be held to ransom or exploited for monetary gain by those behind the worm.

Sooner or later (if not already) you can bet that control of the Conficker worm and its network of "owned" machines will fall into the hands of some serious criminals.

It's quite likely that, until now, this has been a clever system designed by geeks as a showcase and a demonstration of their design and coding skills. It's only a matter of time before a more nefarious element decides that they want to take control and use this valuable bit of malware to extort some serious money from unwitting internet users.

The big problem is that, as things stand, we're all pretty defenceless against it.

Even those who have taken great care to make sure their own systems are not infected will certainly not be immune.

Should the Conficker controllers decide to extort money, they'll simply threaten to launch a DOS attack against their victims' computers if a big wad of money isn't paid.

Don't believe me?

Well, this is exactly what happened across the ditch in Australia to a number of online betting sites.

A criminal group, believed to be operating out of Russia, demanded that these betting sites pay them a fairly significant lump of money and threatened that if they didn't, then their webservers would be knocked off the air.

Initially the sites complied, but when more demands were made for money they decided to take a stand and refused to pay. The resulting deluge of bot-generated traffic very effectively removed those betting sites from the Net and left their operators powerless to respond.

Was this a test-run to see just how easy it was to extract money from website operators with the threat of DOS attack?

Are the Conficker controllers being just as cautious in the way they strategise their upcoming attacks as they have been with the design and implementation of the worm itself?

Was this a test-run of the mechanisms that might be used to accept funds from those targeted by these threats?

If we assume that the modus operandi of the worm controllers will be to launch small, pinpoint threats/attacks against small to medium-sized site operators and demand small but not insignificant amounts of money from each -- how can authorities hope to respond?

Chances are that if the payment demanded is low enough, many of those targeted may not even report the threats to authorities, especially if the perpetrators warn that doing so would result in an instant DOS attack. If enough simultaneous threats/demands were made, authorities could also be overwhelmed by demands from victims that they take action. The sheer volume of complaints could make it far more difficult for authorities to act and if, like spam, just 1% of those threatened did pay up, the result could be a real earner for the worm controllers.

Maybe the only real solution would be to ban all Windows-based PCs from connecting to the Net.

What a boost that would be to Linux and Apple!

Of course we know that's not going to happen, but it does prove the importance of building secure operating systems. We don't allow unsafe cars onto our highways; should we allow unsafe computers onto the internet?
