Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Blogs
    • Security Watch

    Conficker – The Paris Hilton of Botnets

    By
    Matthew Hines
    -
    March 30, 2009
    Share
    Facebook
    Twitter
    Linkedin

      As I was watching Symantec security expert Stephen Trilling brief “60 Minutes” correspondent Leslie Stahl about Conficker last night, I had to shake my head in wonder at how high profile the attack has really become.

      For a single malware campaign to gain such specific notoriety just seems pretty unprecedented, at least since anything that we’ve seen since the ILoveYou virus and the golden era of worms or something. But the fact that Conficker is becoming a household name struck me as somewhat remarkable, it going so mainstream and all.

      I actually had to stop and wonder for a minute if all this newfound attention is truly merited, at least in the sense of how significant Conficker is compared to all the massive botnets that came before it and those that will surely come after it. I just had to wonder why it is that Conficker has come to captivate the peering masses as it clearly has, in addition to the usual security research crowd.

      I’m not sure that I still understand yet why this is.

      When we saw initial reports of Conficker, the most remarkable aspect of the rapidly spreading botnet was that in addition to employing traditional Web and messaging-based means to spread itself, it was also utilizing USB memory device propagation techniques to find its way onto endpoints and networks. Pretty cool, I thought, but not that monumental or anything.

      In other regards, it just seemed like another powerful new botnet, one of dozens or more thrashing around the Internet at any given time. But then it just kept coming and coming…

      Even with the advancing reports of Conficker’s growing presence across major networks, and many enterprises’ admissions that they were getting nailed by it, it truly was an eye opener when the whole anti-Conficker Cabal effort was first announced, both in the sense that this one particular threat had attracted so much attention, and in that it was raising the hackles of such a high-profile group of organizations.

      When Microsoft and ICANN and a whole trove of other big names are coming after you and putting a $250,000 bounty on your head, you know that you’ve created something beyond the ordinary. All of a sudden it was clear that Conficker was becoming something historic, or at least it became evident that a lot of influential people thought so.

      But, the truth is, the more you look at it, Conficker is really just the latest and greatest iteration of a certain ilk of botnet that we’ve actually been seeing for a while. A very highly advanced, rapidly proliferating type of botnet generation that reaches at least as far back as the Storm “Worm” campaign that first caught everyone’s eye back in Jan. 2007.

      Because, despite its name, we all know that Storm “Worm” was actually the Storm botnet, but its newish P2P method of spreading was merely something pretty effective that we hadn’t seen an exact replica of before. And it similarly thrived seemingly unabated for a good long time as well.

      Now, of course the technical underpinnings of the two botnets represent very different approaches to infection, but their central idea is the same.

      That being, the bad guys are constantly toiling to create the next breed of botnet that can circumvent both the defensive means being deployed by end user organizations to stop them, and, even better for the (bot masters), discovering new ways to keep the people who run the backbone networks we all depend on from being able to choke them to death.

      All that Conficker has truly done is establish a new pattern built on the ones that we’ve already seen, but its buzz factor has really impressed of late, especially considering that the attack has already been around for almost 6 months.

      Currently, there are a whole bunch of people running around arguing whether or not April 1 will be some sort of Conficker doomsday because apparently the date is buried in the attack’s code to the extent that it may have some significance… and just as many experts are already saying that the April 1 thing won’t pan out.

      Just a few weeks ago, one of the world’s foremost botnet experts suggested that Conficker might have already hit its peak, and potentially even be poised to falter.

      At the same time, Conficker has become so entrenched in everyone’s psyche that the people trying to get end users to download the threat are apparently simply sending it out over Google marked under its own name. That’s a pretty direct method of infection, but as evidenced by the “60 Minutes” piece, the attack has become so ubiquitous that a lot of folks are likely going to Google to research it there anyways. Who needs social engineering?

      Conficker is unquestionably the current cause célèbre among botnets, which only just a few months ago seemed to be threatened by the ability of researchers to merely shut down a shady hosting company or two. And, we still don’t even know what it does, other than spread itself quite effectively.

      This is all sort of amusing to me because, the more you follow these attacks, the more you realize how by the time you hear about something like Conficker, especially on mainstream TV, the more likely it is that it’s probably already being de-emphasized by the cutting-edge bad guys who’ve probably already sold it off to someone lesser and moved on to something else that nobody has even heard of yet.

      It’s interesting to consider why Conficker has become such a media darling. Why now? Why have people decided to care so much in this case? I’m not sure, though, it can’t be a bad thing…

      But for anyone who has been following botnets, Conficker isn’t so much something that seems surprising as much as something that seems inevitable that will mostly likely be soon surpassed by another even smarter form of botnet campaign… it’s actually already yesterday’s news.

      Is the story here that the mainstream is finally getting a fix on botnets?

      Well, that’s good, but only about five years too late.

      Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to [email protected].

      Matthew Hines

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×