SOME 10 million computers infected by the mysterious Conficker worm are waking up and "calling home" as instructed by an unknown master controller who used April Fool's Day as the trigger.
Australia's computer response team, AusCERT, was on high alert yesterday as global IT experts monitored regional - first past the dateline - activity, seeking clues to the malware's author and the feared attack plans.
"Infected computers are trying to find a way to call home, but at this stage nothing malicious is happening," said AusCERT senior information security analyst Zane Jarvis.
"We're seeing hosts do the look-up for IP addresses of sites like google.com or microsoft.com, but nothing is responding and they're not getting any IP addresses."
Mr Jarvis said there had been an increase in local network traffic, with infected machines apparently programmed to do standard Domain Name Server requests for a set period, then "go to sleep" for 90 minutes or so before starting again.
"It's possible that the controller will wait for all the attention to die down, and then do something when everyone stops watching," he said.
Also known as Downadup, the malware exploits a vulnerability in Microsoft Windows systems that allows a remote hacker to take control of infected machines.
Microsoft issued a patch to fix the bug last October, and people who regularly update their software are protected, but an estimated 9-15 million computers worldwide may have been compromised.
Security analysts are particularly worried because they don't know what the mystery attacker has in mind.
Threats range from financial fraud and identity theft on a grand scale, to massed armies of computers being used to launch denial-of-service attacks.
IT security vendors such as Symantec are monitoring the situation, and plan to issue updates if any suspicious new activities are detected.
McAfee's regional technical services director, Michael Sentonas, expected more network traffic overnight as users in Europe and North America came online.
"The biggest unknown is whether some dangerous functionality will be unleashed," he said.
Mr Sentonas warned that publicity over the threat had spawned a large number of "rogue websites" offering fake removal tools which people were downloading free of charge.
"Unfortunately, these so-called anti-virus detection and cleanup tools actually download other malicious content, creating a never-ending cycle of threats to your machine," he said.
"Rather than doing a search for free tools on Google or Yahoo!, my advice is always to deal with reputable vendors, all of which offer free tools and advice."
Late yesterday, the US-based SANS Internet Storm Center maintained its "green" internet safety rating, with director Marcus Sachs saying that while "over the next 24 hours Conficker will change the way it communicates, we don't expect much of anything else to happen".
Source: http://www.australianit.news.com.au/
1 comment:
Ironically, to help people from being affected by Conficker, the government could issue a public statement telling people to stay *outside* as much as possible...