More Than 20M Computers Infected by Conficker, and Counting

Jay Decenella, IT audit expert
September 27, 2011

Conficker, a highly encrypted computer worm that can furtively penetrate and run PCs, has infected more than 20 million computers over the past three years, according to Kaspersky Lab.

The self-updating worm penetrates the core of the computer's operating system and transfers control to a remote controller, wrote Mark Bowden, author of Worm: The First Digital World War.

Recently, Conficker caused a £7.2 million production loss at SABMiller, the brewer of Peroni, Foster’s and Coors Light. SABMiller had to shut down its Romanian operation in April for several hours because of the worm.

First spotted in 2008, Conficker has sent security experts around the world scurrying to try to stop the botnet. The Conficker Working Group, a team of experts who volunteered for that cause, tried to get the government involved in their efforts, but found that they had a lot of explaining to do to get the message across to government officials about what Conficker is capable of.

Even the agencies that are responsible for protecting the country, its electrical grid, and its telecommunications did not have enough understanding of Conficker.

Now, the Conficker worm has transformed into what it is widely known as today: a botnet. It has become a powerful piece of malware that can take over computer networks that regulate banking, telephones, security systems, air traffic control and even the Internet itself, according to Bowden’s book.

Bowden projected a scary picture of how overwhelming the scope of Conficker’s infection capability could get. The botnet, according to him, could be used as a weapon, which is what is shaking government officials to their bones.

Consider Conficker launching denial-of-service attacks with 10 million computers: the attack would take down not only the target but the entire Internet as well.

“It’s the equivalent of shutting down the train system during the Civil War, where the Union troops and the Confederate troops used trains to shuttle arms and ammunition and supplies all over their area of control,” Bowden said.

But that is not necessary in the digital age; that can be done today by taking down the Internet, he added.

Further, the Conficker Working Group found that Conficker’s creators were really after making money, not mass destruction or taking down the Internet.

As of this moment, nobody knows exactly who is controlling Conficker or what its intentions are, Bowden said.

According to him, Conficker is increasingly infecting computers of high-profile entities, including the FBI, the Pentagon, and large companies.

Cyber criminals may also steal passwords of netizens through Conficker.

With a botnet of 25,000 computers, hackers could break the security codes for Amazon.com, or raid people’s accounts, or get Social Security numbers and data, Bowden warned.

“There’s almost no commercial security system in place that couldn’t be breached by a supercomputer of tens of thousands.”

Kaspersky Lab’s Global Research and Analysis Team offered recommendations for fighting botnets, including Conficker: allow investigators to carry out mass remediation via a botnet; provide them with immunity against cybercrime laws for a particular investigation; allow them to use the resources of compromised systems during an investigation; and provide them with warrants to engage in remote system exploitation when no alternative is available.

 
