Wednesday, September 23, 2009

Conficker: Experts from all over the world fail to defeat internet worm

Till now no one can even think that a worm could knock down global internet. Even tech experts have failed to conquer this deadly worm called Conficker, which has already infected five million computers, and may soon crash the internet in all countries.

So dangerous is the threat, that the world’s largest computer security companies have joined together with governments around the world in an unusual alliance to pool their resources and solve the problem. So much so, that a group (Conficker Working Group) to defeat the worm has also been created.

The worm, which was first detected in November, last year, spreads rapidly to computers through a flaw in the Windows operating system. Infected machines are co-opted into a “botnet” army, which can be controlled and used by the hackers to launch unprecedented cyber attacks.

“The general agreement in the security world is that Conficker is the largest threat that global internet is facing from a cyber crime point of view. It has proven to be extremely resilient. It’s almost impossible to remove,” Rodney Joffe, a Director of the Conficker Working Group, told Sydney Morning Herald. “The best minds in the world have not managed to crack the code behind this yet.”

Microsoft has offered a 250,000 dollars reward for information leading to the identification of the individuals – or rogue governments – behind Conficker. But so far international effort to find a solution has yielded few results.

The creators of the worm can do anything they want with the infected machines including stealing users’ banking details or flooding government servers to knock them offline. The worm has a built-in mechanism to prevent people from scanning their computers with anti-virus software, says Joffe. Unfortunately, even for those who wipe their computers clean and start fresh, if they back up any important data on a portable hard drive, the clean machine is re-infected when the drive is connected to the computer.

The worm also spreads automatically between computers on a network and infects machines without the user having to do anything other than switch their computers on. While majority of the botnets can be destroyed by disabling the server used to issue commands to infected machines, but with Conficker the location of this sever changes every day and state-of-the-art cryptography means it’s almost impossible to crack.

No comments: