Apr 1, 2009

Experts See Early Activity From the Conficker Worm

MENLO PARK, Calif. — Members of an informal global alliance of computer security specialists who have been trying to eradicate a malicious software program known as Conficker said Tuesday that they were seeing early attempts by the program to communicate with a control server. The researchers said they were uncertain if it had been successful.

The Conficker software, which has spread aggressively around the globe since October and is designed to lash together infected machines into a powerful computer known as a botnet, has touched off widespread concern.

Computer security researchers who have examined a recent version of the program, called Conficker C, have said it was set to try to download commands from a server at an unknown Internet location on Wednesday. There was no certainty about the intent of the program, which could be used to send e-mail spam, distribute malicious software or generate a potentially devastating “denial of service” attack on Web sites or networks.

The choice of April Fool’s Day by the program’s authors, who are unknown, has led to speculation that the program might be a hoax. But a variety of computer security executives and law enforcement officials have pointed out that the program, which has spread to at least 12 million computers, could inflict genuine harm. Consensus among security specialists on Tuesday was that it was likely to take several days before the program’s intent could be determined.

A group of computer security specialists has tried to make it impossible for Conficker’s authors to download instructions to infected computers. While they were doing so, the authors began distributing the C version of the program. It was intended to begin contacting 50,000 Internet domains on Wednesday.

In response, the researchers have created a system that will allow them to trap all of the attempted botnet communications. That has involved a global effort, including monitoring the domains of 110 countries.

A spokeswoman for the Conficker Cabal, a security working group organized by Microsoft and other computer security companies, said on Tuesday that the group had no new information to report about the activity of the malicious program.

“All we are saying is ‘patch and clean, patch and clean,’ ” said Nicole Miller, a Microsoft spokeswoman, referring to the process of disinfecting and protecting machines infected by the software, which targets Windows-based computers.

Separately, I.B.M. said that Mark Yason, a company researcher, had decoded Conficker’s internal communication protocol. The company said that will make it easier for security teams to detect and interrupt the program’s activities.

Earlier this year Microsoft offered a $250,000 reward for information leading to the arrest of Conficker’s author or authors.

News Source: nytimes.com
