Awaiting Instructions

I read a few reports today about the Conficker (or Downadup) worm that in recent weeks has infected as many as nine million PCs around the world. Particularly disturbing is that this worm “seems to be the first step of a multistep attack,” waiting quietly in infected host computers for instructions to combine into a “unified system[] called [a] botnet[]” and engage in concerted destruction. Encryption prevents access to the worm’s operative code and the worm “uses an elaborate shell-game-style technique to permit someone to command it remotely.” It generates a list of 250 domain names each day and will obey instructions from any one of those domains. “To control the botnet, an attacker would need only to register a single domain to send instructions to the botnet globally.” Many have warned over the years of an Internet “Pearl Harbor” or “9-11” event; the NYT article that is the source of this post quotes a computer security consultant: “If you’re looking for a digital Pearl Harbor, we now have the Japanese ships steaming towards us on the horizon.” I might have chosen a reference that did not dig up old grievances with current trading partners–perhaps the sleeping aliens from War of the Worlds–but he makes his point. Computer security experts are watching and waiting for the instructions that will activate the botnet. Microsoft issued a patch in October to address the vulnerability allowing this worm to spread, but the article cites researchers’ belief that up to 30 percent of Internet-connected Windows-based computers have not installed the patch. Are 70% of PC users truly up to date on their Microsoft updates? That seems high, based solely on my anecdotal experience.

Scary stuff.
