Thursday, July 16, 2009

Researcher: Conficker Authors Prepping for Next Stage

Robert Westervelt writes on

The vast army of zombied machines—thanks to the cybercriminals behind the Conficker worm—have gone silent over the last several months. But one security expert, who has been studying the worm since it began propagating, finds this inactivity troubling and believes its authors are planning the next chapter of Conficker.

Mikko Hyppönen of F-Secure Corp. plans to present his research at the Black Hat Briefings in Las Vegas later this month. Hyppönen, who is also a member of the Conficker Working Group, is intrigued by the worm's sophistication, which allowed it to spread so quickly. Still, the researcher believes the worm's authors are relatively new to the scene, since Conficker spread too quickly making it a high profile nemesis of security researchers.

"I think the biggest mystery in the whole Conficker operation is the motive," Hyppönen said. "How come a group who is capable of pulling something of this magnitude off doesn't seem to be interested in actually using this massive botnet they created?"

The worm used algorithms never seen before by researchers. It was protected with the MD6 cryptographic hash algorithm. The method slowed researchers trying to block the worm and allowed it to quickly infect machines. The domain generation system, used by the worm to check for orders and its USB spreading algorithm also helped the malicious code to infect more computers. When Conficker peaked in January the worm's authors had over 10 million machines at their disposal, yet they did nothing with those machines.

More here.


Post a Comment

<< Home