
    Conficker: ‘Headless Botnet’ Still Infecting Windows Users

    Written by

    Brian Prince
    Published April 2, 2010

      On April 1, 2009, the Conficker worm played an April Fools’ Day joke of its own on those who predicted an Internet meltdown.

      But instead of a meltdown, infected computers only got a slight update in functionality, followed by brief attempts to rope them into rogue antivirus scams and then months of silence. Right now, Conficker appears to be a “headless botnet,” opined F-Secure Chief Research Officer Mikko Hypponen, a massive web of millions of computers that isn’t doing much of anything.

      “The gang has done nothing over the last 12 months as far as we can see,” he told eWEEK.

      Vincent Weafer, vice president of Symantec Security Response, agreed. Beyond computers infected with Conficker.C downloading the Waledac malware and rogue antivirus program SpywareProtect 2009 last April, the botnet has not really stirred, he said.

      “However, it’s important to remember that with an army of nearly 6.5 million computers, the threat remains a viable one and should not be dismissed,” he added. “To put this into perspective, the Mariposa botnet reportedly infected more than 11 million computers during its lifetime and the Rustock botnet, which actually sends out 32.8 percent of all spam, is estimated to sit on somewhere between 1.6 and 2.4 million machines. So, Conficker may not be the biggest botnet ever, but it certainly is a major one.”

      Perhaps not surprisingly, there is little news about the identities of those responsible for the worm. But there is a digital trail of bread crumbs that law enforcement can follow, such as the source of domain registrations, code similarities with other malware and the source of rogue spyware associated with the malware, Weafer noted.

      “Tracing a worm back to its origin is never an easy task,” he said. “Unlike a traditional hacking attack where there is a relatively direct connection between the attacker and victim, a virus or worm is very anonymous and indirect. The author creates the virus and releases it into the wild, perhaps never directly communicating with it again. Infection and control commands are directed from other victim systems in multiple countries using encrypted communications, so it takes a lot of time and effort to track down each system in the chain, and by the time law enforcement gets a court order to access the data, the evidence may be no longer available.

      “In the past, virus writers have been identified from postings they have made online … information provided by their friends for bounties or dispute, or because they directly connected to the virus or bot from systems registered in their own name,” Weafer said. “For professional criminals, however, these are not usually mistakes that they make.”

      Microsoft still has a $250,000 bounty out for information leading to the arrests of those responsible for Conficker, which got its start exploiting a Windows vulnerability in November 2008. Variants B and C (also known as B++) also spread by abusing Windows’ AutoRun feature for USB devices. But for all the computers the worm infected, and continues to infect, its biggest legacy may end up being the way it brought various vendors and security researchers together.

      “The Conficker Working Group was probably the best example of cross-industry cooperation I’ve seen during my professional career,” Hypponen said. “I think the biggest lesson we learned was how much more powerful we are together.”
