Run for the Hills – The Conficker Payload is Nearly Here …
This is probably going to be the latest “poof” in the online threat world, but the stories have been ramping up regarding April 1 and the dreaded Conficker payload. As a non-technician, I don’t even know if “payload” is the right term, I just like to say it, it’s cool. Another cool term related to the Conficker termis “botnet.” How many times are we going to hear about these malignant, anonymous botnets that are supposedly going to wreak havoc on these here internets?
Hackers: It’s not going to be fun until you take down some powergrids or turn off the lights at the Pentagon or something. For all of the drama over internet threats like trojans, worms, botnets, etc., has any one of these things ever lead to a “spectacular?”
Conficker has done one good thing for the online world. It’s gotten people like to me to totally abandon Internet Explorer. Since Conficker came upon the scene, I completely gave up on IE and went straight to Firefox and haven’t looked back. The real crime in all of this is not the 14 year-old unleashing some malignant code on the world, it’s the adults at Microsoft who have had nearly a generation to perfect the world’s most popular browser into not being a walking, talking security risk.
Here’s some of the latest Conficker news:
- The eight things you need to know about ‘Conficker’ – PC Magazine
- Flaw in Conficker worm may aid cleanup – Washington Post
- Conficker worm could be deadly threat or April Fool’s Joke – The Guardian
I’m working pretty late watching a few things going on as I prepare for work in the AM doing my support tasks of massive deployed systems… Came across your write up here, and thought I’d hand my 2 cents, if you wouldn’t mind.
Hackers, as you would call them, are not after mayhem, but the money. Doomsday and “firesale” movies like you see in hollywood are all about blowing stuff up, causing grid failures for the entire state of New York and more or less grandios and awe inspiring, but not likely to pay out. It is information that is sought, and information cannot be gained if the lights are out and none of it is accessible. Whether that information is credit card numbers entered as you pay your bills online or lots of email addresses to sale to the 409 scams, someone out there pays the programmer(s) for that information.
Botnets are not all malignant… the concept also applies somewhat to Stanford’s Folding At Home, some p2p sharing, and the concepts behind bittorrent. Of course, most of those are voluntary, and not zombied systems running apps behind your back. Most zombie networks you’ve never heard of are the successful ones that you still get spam from, anyway, so a new botnet is no big deal, so if that is the case, it’ll get figured out soon.
The big hoopla from this is garnered from the fact there are millions of machines infected worldwide that are not properly patched due to illegal/pirated copies or legacy installs running unsupported service packs or even sunsetted OSes (like NT4, Windows 2000 SP3, etc), or simply companies having the policy to not patch because “it’s working now, it should keep on working just as it is.” It is not Microsoft’s vision to support 15 year old software, currently unpatched software, or illegal software, much like it’s not mine to support a 15 year old computer, or help someone that isn’t paying me for the help.
It’s nothing to run to hills over if you are up to date, but the community at large is watching closely. Should be an interesting day, since the payload is not currently known as the execution time will be delivered when those systems connect in to their final target server. I’m looking forward to the challenge if it’s a genuine threat, or the laugh if it ends up a worldwide prank.
Should prolly let you know, viruses and botnets with independant (irc, upnp, etc) deployment like these are browser independant. All it takes is executing the code to run the app… which is done just as easily in firefox as it is in safari, chrome and IE.
Feel free to ask how my day was working through this… you should have my email logged… if it’s not caught in the midst of all the spam, I may get back to you on it.
Bravo! Thanks for your insightful comments. If you’d like to post another comment later today about this whole thing, I’ll put it up as a post on the front page. You might tell us a little bit about what you do for a living … sounds like network or desktop support? Thanks, Again Visconti