The Worm That Won’t Die

Friday, August 28, 2009 at 09:07 PM EDT

The New York Times recently ran an article about the Conficker worm, which first appeared in November of last year. Conficker, which attacks Microsoft Windows systems, has proved to be elusive and difficult to deal with, despite the efforts of a task force made up of security people from industry, academia, and government. Its focus is, apparently, on assembling a huge network (a so-called botnet) of hijacked computers.

The program, known as Conficker, uses flaws in Windows software to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. With more than five million of these zombies now under its control — government, business and home computers in more than 200 countries — this shadowy computer has power that dwarfs that of the world’s largest data centers.

This particular bit of malicious software does not appear to be the work of a bored teenager sitting in a basement somewhere. It employs very sophisticated methods to avoid detection, and, if detected, to keep itself from being totally removed from an infected system. Also, unlike most previous malware of this type, which generally had to “phone home” for instructions, and thereby gave clues to its origin, Conficker uses a peer-to-peer protocol (as do file-sharing programs, like LimeWire or BitTorrent) to transmit its coordinating information, making it much less susceptible to disruption.

What is not clear at this point is the ultimate aim of whoever is responsible for the worm. Some speculation involves the usual suspects: perhaps the intent is to use the botnet to distribute spam, to steal passwords, or to launch distributed denial-of-service (DDoS) attacks. There is some evidence that one ploy involves warning the user that his machine has a nasty virus, and offering to remove it for a payment made by credit card.

All of this is consistent with the idea that, to an increasing extent, the distribution of malware (and Internet nastiness in general) is becoming less like random vandalism and more like organized crime. Since the Internet operates internationally, there is no overall authority to make or enforce rules. (The article mentions that one of the FBI’s problems in trying to investigate this kind of thing is the necessity of building “a relationship with ‘noncorrupt’ law enforcement agencies in the countries where the suspects are located.”)

My own expectation is that the problem of malware distributed via the Internet is going to get considerably worse before it gets better. The solution has got to involve more than just having everyone install anti-virus software on his/her computer; it will need to involve Internet providers and governments, and is sure to step on multiple toes.