Experts brace for possible computer worm attackMarch 31st, 2009 - 2:22 pm ICT by IANS
San Francisco, March 31 (Xinhua) Government and private security teams are in a rush to gear up for a possible attack by a computer worm that threatens to carry on disruptive activities April 1.
The Conficker worm, also known as Downadup or Kido, first appeared last November and is estimated to have infected millions of computers worldwide.
By exploiting a vulnerability in Microsoft’s Windows operating system, the worm can infect users’ computers and spread to other computers across a network automatically, without human interaction.
Computer security experts believed that a new variant of Conficker, which surfaced this year, could contact 500 of 50,000 randomly generated domain names April 1 to receive updated copies or other malicious commands.
A domain name is the address of a website that can help connect computers on the Internet. Previous Conficker variants were written to connect to 250 domain names.
The US Department of Homeland Security (DHS) Monday released a tool that can detect whether a computer is infected by the worm.
The tool can be used by federal government, commercial vendors, state and local governments, and critical infrastructure owners as well as operators to scan their networks for the Conficker worm, the DHS said in a statement.
A team of researchers from the Honeynet Project, an international non-profit Internet security research organisation, also announced Monday that they have discovered a flaw in Conficker which makes it much easier for users to detect infected computers.
After finding the flaw last Friday, the researchers quickly developed a new scanning tool for detecting Conficker over the weekend and is making it publicly available ahead of the worm’s scheduled activation date.
“What we’ve found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly,” Dan Kaminsky, one of the researchers, wrote on his blog.
“You can literally ask a server if it’s infected with Conficker, and it will tell you,” he added.
Meanwhile, in a move to calm the computer users, security experts are playing down the havoc that Conficker may cause.
The worm is going to change its operation a bit, but it is unlikely to cause anything visible April 1, Mikko Hypponen, chief research officer of computer security company F-Secure, said in a posting on the company’s blog.
“Although we don’t think anything will happen on this particular date, Conficker is nothing to laugh about. The gang behind this is serious and we should not underestimate them,” he noted.
“The general public should not be alarmed, but should, as always, exercise caution and implement security best practices into their daily computing routines,” Vincent Weafer, an expert of computer security company Symantec, said in a statement.
Tags: commercial vendors, computer security experts, computer worm, connect computers, critical infrastructure, dan kaminsky, department of homeland security, disruptive activities, honeynet project, human interaction, kido, profit internet, resea, research organisation, security teams, state and local governments, us department of homeland security, us department of homeland security dhs, users computers, windows operating system