Tuesday, March 31, 2009

Conficker Activation Passes Quietly, But Threat Isn't Over

Sumner Lemon writes on InfoWorld:

An expected activation of the Conficker.c worm at midnight on April 1 passed without incident, despite sensationalized fears that the Internet itself might be affected, but security researchers said users aren't out of the woods yet.

"These guys have no designs, I think, on taking down the infrastructure, because that would separate them from their victims," said Paul Ferguson, a threat researcher at antivirus vendor Trend Micro, calling the technology and design of Conficker.c as "pretty much state of the art."

"They want to keep the infrastructure up and in place to make it much harder for good guys to counter and mitigate what they've orchestrated," he said.

Conficker.c was programmed to establish a link from infected host computers with command-and-control servers at midnight GMT on April 1. To reach these control servers, Conficker.c generates a list of 50,000 domain names and then selects 500 domain names to contact. That process has started, researchers said.

More here.

Note: Yes, we are still watching. It's the busy season, apparently - hence the lack of blog posts lately. -ferg


Post a Comment

<< Home