It could be the biggest April Fool's joke ever played on the internet, or it could be one of the worst days ever for computers connected to the network. Security experts can't work out whether the Conficker virus – which has infected more than 10m Windows PCs worldwide – will wreak havoc on Wednesday , or just let the day pass quietly.
Experts have worked out that from midnight on 1 April, the Conficker program will start scanning thousands of websites for a new set of instructions telling it what to do next. The infected machines thus comprise one of the biggest "botnets" – a network of "robot" computers – in internet history. And if they were all given a target, such as simultaneously sending search queries to Google or trying to connect to a gambling site, they could knock it offline through the sheer volume of connections – a "denial of service". Victims usually discover that they have been locked out of their computers or have very slow-running internet connections.
Botnets have been used in the past to generate millions of pieces of spam email and to blackmail gambling sites that need to stay online during sports events with the threat that they will be deluged by a "denial of service" attacks.
Despite being tracked for several months, however, the truth about Conficker's motivations and origins remain clouded. Last weekend, one team of researchers suggested that they may have discovered a "fingerprint" inside the worm which should make it possible to scan computers for the infection, making removal easier.
The identity of its creator remains unknown, despite Microsoft offering a bounty of $250,000 (£176,000) for the information. Usual methods of unpacking the virus code to examine its workings have been thwarted because the authors have encrypted it, using algorithms that render it almost uncrackable.
In the meantime, Conficker has gone on to become one of the most widespread internet worms in recent years.
Last week a leaked memo revealed that the House of Commons computer system had become infected, leading to concerns that confidential or highly sensitive material could be stolen when the virus next updates.
In the document, Joan Miller, the director of parliamentary computer services, said that her team were "continuing to work with our third party partners to manage its removal and we need to act swiftly to clean computers that are infected".
Ordinary PC users are being advised to keep their anti-virus software up to date and watch for news about the worm. Cluley suggested that the widespread coverage could help lessen the potential impact. "Most businesses appear to have Conficker under control," he said. "They've applied patches and updated their anti-virus software to stem the spread of the worm. Some firms struggled to clean it up quickly – but most have now used some of the free Conficker removal tools available for download from security vendors."
0 comments:
Post a Comment