April 13, 2009

Confiker Worm Update

Hello everyone. I just wanted to post an update on the Conficker worm, recapping the virus' activity following it's April 1 activation date. As expected, the virus did not cause major havoc when it updated. However, the worm has gotten stronger, and analysts are now able to identify several intended revenue streams for the hackers behind this worm.

When the worm updated on April 1, the first major development is that the virus began attempting to spread once again, while becoming even harder to remove from infected systems. The worm at this time has increased protection against users downloading anti-virus software. This can be demonstrated at the Conficker Eye Chart page from the Conficker Working Group.

In addition to the virus spreading and becoming harder to remove, Conficker has shown two revenue streams. First, some variants attempt to install scareware, fake antivirus software that installs its own malware while attempting to coerce the user to pay for the fake software. Second, other variants have formed into a botnet that researchers believe may be rented to spammers by the worm's authors. This has become one of the major purposes behind widespread viruses, as it allows the virus controllers to sell the computing resources of infected systems to spammers.

Fortunately, infection by Conficker can be prevented. As I have noted before, prevention is key - a strong software and hardware firewall and up to date antivirus, as well as regular operating system patches, will leave your system secure against this virus.

No comments: