|
|
|
Will the World End on Wednesday?
By: Larry Seltzer
2009-03-30
Article Rating:  / 12
There are 2 user comments on this Network Security & Hardware story.
The security industry is contemplating the post-Conficker apocalypse. Good thing I still have all the guns, ammo and water from my Y2K preparations.There's no question that Conficker is the most significant malware,
and certainly the most significant worm, of the last year, and probably
the last few years. It's versatile ("blended" is the malware term),
well-designed and run by what appears to be a well-organized gang. The A
and B variants of the worm built up a botnet estimated at up to 15 million systems.
So the news that Conficker.C, the new major variant of the worm, will
"do something" on April 1 is good reason to wonder what will happen.
There has been a lot of dark warning about this date, all of it coming
out of uncertainty: We don't know what will happen, therefore what will
happen could be truly horrible. Conficker is also known by the name
Downadup by many vendors, including Symantec.
I think that a long
and detailed analysis of Conficker by SRI International which
explained the sophistication with which the code, including the C
variant, was developed, inspired many a deeply concerned quote from a
security expert. The hysteria record surely belongs to "millions of computers
expected destroyed, Fear worm spreads." Everyone's getting into the
act. Symantec even reports that fake anti-malware
products are poisoning Google searches for Conficker to push their
unrelated wares.
I haven't personally examined Conficker.C, but every analysis I've
read of it indicates that it's a better Conficker than B in many ways
and a significant upgrade. It seems, for example, to be state-of-the-art
at disabling security software running on systems it infects. But what
can it possibly do that a world of other malware has failed to do?
I have a general philosophy about attacks like these: Anyone who's
vulnerable to them has almost certainly been hit already. If they don't
have Conficker, they have Vundo or Koobface or some other horrible
malicious program running on their system. How much worse can Conficker
make things? Perhaps they'll actually notice they have a problem.
On the other hand we have people who take minimal precautions,
usually free, to protect themselves from attack, and they're largely
almost certainly protected against anything Conficker.C has to throw at
them.
There are two big reasons (and lots of smaller ones) to believe that
Wednesday won't bring us a major Internet event: first, there's reason
to believe that not many of the systems in the Conficker botnet have
been upgraded to the C variant. Nobody really know for sure, just as
nobody knows the true size of the botnet. Sophos told me that the
reports from their customers show C as 6 percent of the Conficker samples.
Microsoft's Malware Protection Center also says they have observed a "relatively small
number of Conficker.D-infected machines" (Conficker.C is Conficker.D to Microsoft).
And in the big picture, Conficker just isn't a high-volume piece of
malware. Check prevalence lists and you'll see a lot of other threats up
much higher. Note that Symantec calls Downadup a "low" threat.
As a blended threat, Conficker has many ways to attack, from
copying itself to weakly protected network shares to USB drives, but
almost all systems infected with it were infected through the
MS08-067 RPC vulnerability in Windows, a patch for which was
available two months before Conficker ever appeared. And it probably only
ever successfully attacked XP systems; while Vista is technically
vulnerable, exploiting it is almost impossible. My guess is that the
MS08-067 hole will remain the main mode of attack for Conficker and the
main thing making it stand out from the rest of the malware pack.
But if you install patches on a reasonable schedule, and you have
other reasonable software such as firewalls in place, it can't get you.
Throw in some common sense about these things and you'll be just
fine.
I agree with the Internet Storm
Center at SANS when it says, "Based on these facts and a wealth of
other information, we at the Internet Storm Center believe that April
1we be more or less, business as usual." I know I'm not worried that
Conficker.C will do anything to me on Wednesday. If there were something
it could have done. it would have been done to me already.
Security Center Editor Larry Seltzer
has worked in and written about the computer industry since
1983.
For insights on security coverage around the Web, take a look at
eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack.
|
|
�������x}ks۸q�f89��zڎm9�dj� I�S$�IΟ_n߸�҃l'�bK���Bޛ�$\i9cr3k��j>w߽ !�?Zf8i�TE[�]ߤ~�Am;t� =4mFNHB��~}@~sf7��D%x�_'Щ=ѩ&wɄZIКo�ؗ>}~ql�.pvLQ�m�Qk$Ё_M�ܦ�%#xERzGGEQ}"k[1t�U�N(�oT|�0tTǖþ�=a�>"e%�k4�ʏшIGO00{/<��Pcw
̪�Ҵ�Gdh=vu H��`N$=+A<�ЌaS�/!)d4V#KkF?Ķ�h�G's�:�]dU~�ƷP7Ǿ;s#2W0XMXV�0�wS�&�&>Bɤ:ѰħF�r$˺Y4�h4öCCٰ5R9r\Jy+^y||,>Z>�>Y\hӷF}/Kj�^;�7��(֝{p
n+V�a*:^O�ڗoa\b'H�|#[oD�V)��UjT:(¤Ԙ8|5 uz�P
�%oPa)ڱVR\FZV@``%�pbQU�>Ϧu}{sI}zqri#|#9Ġj�PEb�+�g`�4X-:/9:gݻ�9ޒiѝN4p3
Z_Zr�\?-�=:$~�54Y�01\�
\^�Jj-��gǛ6))H|W:�E��u'PZ,�fRrVT|Y|ԛE34�i[��2)�ߖI�7[ �)��Q�4VtB=<(�H�)5?�&9gMi�l&XJp?�Ҕ:`i˫�1TE0��mESu3
(J�"bA3�ɋ�E94>BzBp4A��A�ӧIz|JMk6m�uI=X�C#ʠ�:ڴG\�V���4!>�&-`�Qi1[W <ۋJ!PI�x�ZS�xv�&z$tm�`�~�5$ǎ�@ �L���s'09��ښB�"�Qފѡ4�a�
hi��p�pp�yY?�0�»g��{`���5�#~[-[�Z6x�O͙A Q�F\Qo�@g�dSJJds���4.'H(AH �9[h��� ]��99�
�ŊP~ݑ�vZ)JH�T*nO�q$]cwV**es�MX)gQY,�p[/)�Pf%�5{~4�cbB�|#'&�Xr`Y
�\d+|�i)lc
[6؛ri:|:ioB{4��0s���uY,$-Xb ə�&)C
IK,�4� x컏�BoBCEs�J`|fX�4К3=PA\^�X�P�aN&�]6(tsj9`XƄWjP�~�A-���QMGlz:{mQHu�K�v;u@s>n5
~"Vn�znr��#*F&fy>e~>Ꭴm[4�@~T&]�\qα�q�B&�k*H(Y3�b-y6y"N{�
+k&㓫(\=P=Д�f�+b*q��(>�t�P\O�&ō4�)�BЊO}��?ٲJd-Yֽ�k�%fsP�u�J@_�E��9&ےx��A-ʘ�ƗZZ"��J�P>VL"�Cɧ8$&le2L�E�6���pZ#�7l{`(`R5 KA+��٫ X3l�d �xA�qF�F͔`�@D�Ll5T�79թz�4�}&�HGM3ϐ쀡r
�.f>�룔YXp�$880U�]2 agThj]Mafyb|F�ȸ�:qm�XbO@s�Uzqg0읷ׅ]%/_(�6���uGу�&9Je!6�#�{e!{W+�(-jE)jy�cl
�ؑq,�Y�X6Tȵm1�1}�Ⱥ3'Q(JЧVȕB@K@Mq��έ!W3pPS@ �bN�4(Nu=(U�+埯Y@�*# ��k�
Bo`"12l�3u�/.ztsݱM% i�4Q.)J5E��` L�] �T<�ty;�
��F:6.���1H#60/`k
�^@>^��%%@�P0"AcK�鬡cKU1SOm{hC��y=X\�(Tt a�"!1}ڣ>ns�sQ*/sW+�f)T�;Ofz^*k 6ЪZ�Z͎^�=>YP�2z�4b&�c��оL�k}�YPa7s�boY
��Lj��B&:GdHC�>�+`ΘT:[Gw=܁c2P?H(TZ�g7cMś]ac6U�{zn&R)Zg�,7vh\�JW>67=�d��"9Gӏ6V"�=_`�sQ�l
xv@̬;}� u1m94c~���e�-0�>O�i[LFb��T~���3�gbסڳnn22玾~XF�p��A K'}�3O>��Ǥ9XYb5�J9��ޣ�0)�6@yz"�@��ê
VZ�;k}zCd�CZ=s=�?3?^�5sr�o6=R�J
�=cx��e�>u1�'Si��}�[U�}Ԕю�"eƬɲ7(6��C�iA/%e.�]��>�_I|SeFr+Ձ�,OxV֪EzX�z�,)uzl�"R�rK�Y�7uȋ7:P'#I?+*~Je�卨:k1TʵRM()C���4r�Ok,���ZKq�Xk�kp��9
=2j=uR=,fK�<��@vܖ�[J,]>
Ba
u(
=(t] �21簤�v��˽'j�H@KY�J7e^V*V$,< 7�C�d,�LGI<^�:&.rOf�ss]����`_A|7=���#S�͆Rie�mR�ߓN\Y cĵ��)$jZ9 OYdY.���eժR+�8N3A��y'�
vB�c8`�CMM8qc
�oR9���
"�_�I�84L
xϰL�'JUVqm?3 c�SWW7�ן85A A D@"D;n?%
?�S-Ѝ 8�FgMX1BNs�E])ww�)il�{ݗ[WˏGx��z��DGoNӽ>⭃b>&�λ~&`�WO{,5.�Ї_Y_GrL`Q3szG�Y^�9g��P �K1Rc�bw}WszQ:[��m}ޏ�<�.�d��hI^ 8Wwk%e;&붔u�߽�<�rLpBj]v]��(d�0
sznF� 6b�L`fX&I�#S�W5C2�x0E�����`y,۳-'�^�t�}Xxr
�q�a&lS�/q�
Bb-.�3BߐtPVc�� (ʱ�=`����`�VɈN1>�c/H4��VBL0B�_�XH�!)$ze��M<;kvo[(�6[�F_�gE'K;\-g[M7S+dI�GD_q+5�'=?E][k'u>�!9���ۗ�4xYA$K�21xc�`s�A\d~h��eԉ)%2�\ ��{-~�8��cdGQ�(S!Gt�$�zbeQnKlx4e�RȔ&=J8
z>SB&Դ5˓4-i^�Eqj�i�e�ʒ��~ j' ۡX#�ۓ�ݴG8
(OMkzwisy/Psn%3�sgKeҊ�� P�k��i2R�H�>a'�-�g��+y--E#]}+
i�<��R̅0O�<� f�Ү�zX,�гO5nw�|z@:Q��-gFq?Kmظ�2UT(3X6
w{�{B�s��?݁C�O6v=ICo6FO9�S1!� zNhs) =���cGm:{��@�@GP$"B�[G�GSɝ6�Xw=uS�a��+0q)y@uSOf�
95C/�r°Ul(=l�G_t?�K{ѧmE��4
wtȳV*
14�XH�!H�nm
X"2gNIJa/>��d2
,f}��x3rTo��4iɜAh�l7B_7�C\�`l_�c���A�Acq�U~�(TR��n
/fO�"J骇�9���S|MU,^RRMJ^&k���" h6`�#[!0�N
ئW�1_3�~�O�O=�rm�'��X�
?�*�4lo
A[*-�)$Ι�a�d<$J6�˶wVp�*gcc;/F#`��O(6-l�@|Pr/�h(0i�ajcZ�Oq8|+؊wf_��O�6oN{kA�|;-e�\1R_?
w2�1����
\��i{\nEa�Qn(^ h��}�"�t�(u��KC&SˁUm=]W쨌;t��0�{�Su-'��dN9 ~TJ!<['<\fBCן���Ʌ�xV�a+X�N��<(A�*Z�x7
/��{)�v�����츮L��xL�c�i����s -�2P+� ��ȏ����J_'vR� O��LZ<:,_˰ ��Q-$FD^�چ&0{.�s�pe��Y�}$1�G^%?�ۊ�I->kbb [6a;]r-٧,WxTڥtIt+dU%!�X*,q�L�}¦zI$ f/iM6>-O&<"�YDN(O͜NS;�dr;eXBh�l7k42yr
1a4u�".z8IXn0֔xJjr_~v_tx9쏧�M��Y͐ɒ�O @OxׂڈPJ-OڼP�y%P�?Pb[HP1T="LF~`�[Q&��Ի![�BG��*a@�dٶtMABKR�ʂI\��O#N�L�<�_���.[D��Y~Ҕ\~3��Con]uUWȁRJ�>�e%;g��3O�Υ���`R�xR.oE_1d�A#9!K�4A_-=�C1rvDCs�v�nKw]��9Ѥ3Ɛ�t��g J�Ō3n/8�E[4~Q��!�Hz
��@�g��{`ܢҮRʶR~)Z)L-c
=*q U/LS`u>^$0C0�܁��0x�
y.."48nw$+UdUy9�$yO p"u�s�\dN@:ݩ^BFͧ:�8)94�7FXcAD*Q�a陘i>e*�es6@�Y4VfjREm#Fm La�7a��*cwEɒ$��y:X"�xG}GY�@N {9999�rT/?߹ȫ1gK;fe�Y3v#m'lz,b|��}Llʣgyt�0߸<"�xK8D�I��D 6?q�!065T2+'c9he�e�y�,D4hfK;-)uH0=$X�.K#��,LQz
tƠ��D@�Ȍ�[FP2Rh[bL�[a��)�&=:m'�(�EG)k�_#�y'�Aоt0coȚjl9/0nҔWeK/9"{%|#R6yc7�r)r^!∄{`�|Tn*)F�ϣ[4Z�,||'�>�$����
�|1P[{;1-�0le�V^'���h <4�Fճh����0{8թ��~͝sE~Eooooȯ�Y[ngd�NPBy�AiX7�&VHm+��`φ�&�?"*ӆ��r�^��/�m4ͣkn}I�ey�eWR�dk�zYSzbK}~Q�%ɻ_ߴn18o|~oۚ�Ya�u�;��-�pG6k�z[+.)| g~0Cqf=�LG�zlï^�BY�f-e։5V(����i�Sƚe<
l~9j[$�@=��YJ�>8ZBO}�k҃�:?w}Lh5h
k0Iׂ^_VB_O}KY�ȼ
o-^F�ܓMفat�wb%6Y~�gj�w �/Q4Ff>�4
aLDW��lߌgCӸ�l`�tq"�o��(\7���~�X�2I�q��)#=F(K��xll9�QYH�:�[2HclQ�4�"y�?q�T��ݥ1eu,h6E�hf`iO3ط�/0I_n]KL�G�vT{�(�kt'<~/%%�jqh!W:,%8-?O(p��4��o][I'�Hro!D*F]{F9-("�/婩~;�P-�*%8��YWS�hq�Cv�J�rza#�ʵmq|�_iDY@�q.""MP e9LiCO]EL�a�!-(�-n]~�aIz5H&Ȉ$�9�Q}EMm&^z� 0kQ0�7'&lZO�'�q�/�+��2�ۏAE&Lj>#�A%�ey3�Ou{iQ*è1gfS�Y�h9ѥV�cj9FWj5P]O?�P.���]ZˣXuV%d�{��q_= ae*B 'UNz
ԣ:BMMŗR�WU"j�%�gx?�k֍qo곚bfƆX5�0�Vz^3!K�Vy
�6vn&+k]қ≡ĚU�֝Uؓ�Rcע-*);,Ouee-uF���'�2Cmf|�5,\�7BπJj>A4biR)O"�̶qgR
?ZIj؋P^Cs�2]+uMi
fOPf�3,�V
�@=(urK�}ez`q�`҇�E2jɣn#/'#w6Rʥz53s~&���K5) >[S~
|-�>(vBAf��X$6 U�ļw�L.ȖCaw�~g�^:<��xr6B>� gݹ&Hu+nA{�Y,It:suN0ۉpd6íT2ý2�HH�+s�Y0�x+jϊ5BU-��bx�D�vZ*f63Z5B;�Y�]|F|1E�ƕ)<�1�>�U<�1�1t+PγjN�T\OpY�}XC3 M�__ݼǭRVW_�ru�ZS�_�DL�_�dq�mm�B+�.� Бp�}��UI9�T~z�ɻ�h�:��QhTJu
o`�|$��{
�̥7b?= /θ��9��wǃ�""a=X@*>n�de�HX�89t��c��Q"�p�7wH�%n.~��V�YNƹ;Cym!���Y�y; }i0x8�07tSc�~s�CRO⺢�t�,a�]ĵ0�V?�fC.7,M}C<-l
� \Z�P4eY=F}uO9TJ�ƈ\琟�Ð�3�{PŰD´ c� 4Q�?���cM�sx�XҚ�m�!�ah�\]q��bZ�Ř!buo�iĔy�9x�%6:�=j��
cc��Z|E,�{{GǙ;fSZ,��s�уPbG~�Hg�U,�A�s�"��V2���![C1P/Rfjs# a/x�a 3��sĮ"(3[��]ă0>]]waq2?y
:�5fé�b�\�]:N���5jr
�P�P,`A~zBj�@̔0�(cNMs�BG4_ �D1�ka]M,#�?0�(��.Ō��CZS*ѓȤ+t�+R0cU+_c�P~�w^7DK��z+YT(������I+�;�^�hh�� t0 �c3B's?cGr%-r~nm^e��;a[+�M|폺SwNg�O7�;u<|�|isyl25^�
Q�9n]28S�8\H�^Eǒ�2�^ûKwE�Gcqq�^ ڣ;'a_n�E_VC�ĸg~4A��)oݶ{=-�[I-�gG>;yQS̑:o�jS#�[}uR���GM&�J8���S^}'v�n�2g(9�(%�oח0FNy�ʻ9HgvN)/?��]N߽/:Eg}yC:9CL:�ϽB^NG(�_�mʙ+�U�U�|U�~�?W9_
*>>r�y:g�CN�_�S~�W909{
s?09ׅws�͑?]/�r�qC�7M@?9Ӄr߃r�__P�(W�3��9r�rڿ�ˡ�=��>kT�$RhK
"�S^9,s�V=ןbM�exG,DlDZJ5Bf�aO@z6&s"\�5½qo>eybn�AR̥-c�@#Cq�N8����G.�v�)�n7��pK|���`
�nsOkz>s}��xvY^]Y��\�;Yo�%P.YC�IsDge' A�Ѻ`�*��O��WY:�-K�baPŹC_�
j'܌3�X�ڧo;i7�i^.�7wmЙM�%aCe�GӰ�XS/US
!Pi0��p=�礟<���vڢ{&�|t5pÅ6A|7v1X90l��H�͆Rie�jR�ߓNnԷ5��= O1�Q5YUdN.��jUR�L�3DA�yg�
�l]{ۦ�̾ZCO�3CX)x�̺nk�%��.�<��tle�)U|��y3�"�`TS;I�@9$�L�o��9X�j-.#2�箋Q7!+0̦I
�e5� EO�p�Z!�|ۨ�=]wrn#�kUWvu7��/T��3��|1���c͘ݷ%]Q�O"c�x�Iϐ�R([#1PXY/�u[8�:\5�m$�$���&�3@�gQlVxRD�]�szn0)� �KBl�PխVoU��T��x��/ē_| Њ3�+R1=�zH|k,XoOD�
���%�^Πb/�K{KV9[(�(&�]�a1Fʫu\r�$rfR/��9"%
oPm��<%����* >�.�X&"�>m�<'.}Au�)��DEP!/;v2�S*4%Ұ)O?n'[n
5E`�0voi@1ΪT�U|��>cx w�]�/1�ee|�nHJU֧f2{G:�з��57d�8[|�9ނ4�(N�AERb0
�yM&nފ�}���0uGĶrC�R4mLepw��Rvc��%x�dv6qS�g _((U@NDqg˫Hvx
6s6NA�^h���<�7�ym�ox�:"
7]Kl� Ca]R>GK�
]'[٧3�й?-RW/���e;͌��_,�,�{ �QFb�VC�8u
vKѪ
v�7"60ޏ�P�|@��xS
b
\bգJv)E9b�릍\
�Ѩi�pKTؕE'n��d�^k'oym/D]Y>�Ѝ5�ϱ|�3'5c��b@xVO�m{~k�#'>
g~sxsv
2^9FBL�jH2mf^^kti�(�aa��X�
|
Network Security & Hardware 
