MALWARE HISTORY

Conficker

Getting beyond the myth

EPISODE THREE

What to expect next?

Ultimately, Conficker behaves like any other botnet. "Botnet" is a coined term
derived from "robot network": a collection of malicious software robots
(bots, for short) installed on a group of compromised, usually Internet-connected
computers, whose purpose is to run whatever tasks the owner or distributor of the
bot code sends them.

Seen from this angle, we can only expect things to get worse, as
described below:

Corruption of Defensive System

The most dangerous aspect of a Conficker infection is that the worm disables
the machine's own defenses: it stops and disables Windows services such as
Automatic Updates, BITS, Windows Defender and Error Reporting, and it blocks
name lookups for security vendors' sites, so that neither updates nor removal
tools can be fetched. In other words, an infected machine carries a gaping
security hole that can be exploited at any time from now on. It is like living
in a house whose door stands wide open all the time, even while you sleep, go to
work or leave on vacation.

Distributed Denial of Service

A botnet can be used as a tool to paralyze other computers across the
Internet through what is known as Distributed Denial of Service (DDoS). The
bots attack a network or computer system and disrupt its service by cutting
its connectivity, consuming the victim network's bandwidth and overloading the
resources of the victim's systems. This can make a particular Web site
unreachable for a long period, which, for companies that operate on the Web
(but not only for them), can amount to total isolation.

Pay-per-Click Systems Abuses and Frauds

Botnets can be used for click abuse and fraud. The bot is directed to visit
a specific Web page and/or automatically "click" on its advertisement banners.
The purpose is financial gain: by automating visits and clicks on a pay-per-view
or pay-per-click system, the botnet owner cheats the online advertising
networks that pay a sum of money for each visit or click on that page, such as
Google AdSense.

Key Logging, Traffic Monitoring and Mass Identity Theft

Many bots watch keyboard activity and report the stream of keystrokes to
their owner. Some bots look specifically for visits to Web sites where
passwords or bank account details are entered. With a filtering program, the
bot owner can extract only the keystroke sequences typed shortly before or
after words such as "PayPal" or "Credit Card". This gives cybercriminals
access to the personal information and accounts of thousands of people at
once.

Spamming

The drones in a botnet can be used to harvest e-mail addresses and/or to
send or relay huge volumes of messages to other computers. This was the case,
for instance, with a mass-mailing spam campaign at the end of 2007 that
promoted Ron Paul's candidacy in the 2008 US presidential election.

How can we protect?

The following five simple rules should go a long way toward keeping you
out of trouble:

  • Check with your operating system provider on a regular
    basis: download and install the latest security updates, malware removal
    tools and any other patches or fixes.
  • Install and activate a reliable, password-protected
    antimalware, firewall, spam filter and parental control solution, like those
    provided by BitDefender.
  • Update your antimalware, firewall and spam filter as
    frequently as possible with the latest virus definitions and signatures for
    suspicious applications and files.
  • Scan your system frequently.
  • Stay informed about e-threats and security.

If your system has been infected, there is still hope. Visit
http://www.bdtools.net/, download the
Downadup Removal Tool, follow its instructions and clean your system. Once you
have removed Downadup from the machine, patch your OS with the latest updates
and install and activate an antimalware suite; a machine left unpatched will
simply be reinfected.
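A quick triage check for a Windows host, as an added example that is not part of the original article and is not BitDefender's removal tool. It turns the "Corruption of Defensive System" section above and the advice in this section into something you can run: it looks for the MS08-067 fix (KB958644) that closes the hole Conficker spreads through, for the Windows services the worm is known to stop and disable, and for the name-resolution block the worm puts on security vendors' sites. The KB number, service names and the idea of testing vendor names reflect the worm's documented behaviour; the particular domains tested, the control name www.example.com and the helper name Test-Resolves are my own choices, and the script assumes Windows PowerShell run from an administrative prompt.

```powershell
# Added example, not code from the original article or from BitDefender.
# Assumes Windows PowerShell (Get-WmiObject; substitute Get-CimInstance on
# PowerShell 7) and an elevated prompt. Domain list and control name are
# illustrative choices, not part of the worm's own list.

$results = @()

# Helper (my own name): does this host resolve the given name at all?
function Test-Resolves($name) {
    try { $null = [System.Net.Dns]::GetHostAddresses($name); $true } catch { $false }
}

# 1. MS08-067 (KB958644) is the hole Conficker spreads through. On XP/2003/
#    Vista/2008 the fix is listed as a separate hotfix; on later Windows versions
#    it is part of the base image and this check is not meaningful.
$hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
if ($hotfix) { $r = 'OK' } else { $r = 'MISSING - patch before doing anything else' }
$results += New-Object PSObject -Property @{ Check = 'KB958644 (MS08-067) installed'; Result = $r }

# 2. The worm stops and disables the services that would update or clean the
#    machine. BITS is normally demand-started, so judge by start mode, not only
#    by whether the service is running. ERSvc is Error Reporting on XP/2003,
#    WerSvc on Vista and later; a name that does not exist here is skipped.
$services = 'wuauserv', 'BITS', 'WinDefend', 'wscsvc', 'ERSvc', 'WerSvc'
foreach ($name in $services) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) { continue }
    $bad = ($svc.StartMode -eq 'Disabled') -or ($svc.StartMode -eq 'Auto' -and $svc.State -ne 'Running')
    $state = "$($svc.StartMode)/$($svc.State)"
    if ($bad) { $r = "SUSPICIOUS - $state" } else { $r = "OK - $state" }
    $results += New-Object PSObject -Property @{ Check = "Service $name"; Result = $r }
}

# 3. The worm fails lookups for names containing security-related strings
#    (vendor names, 'windowsupdate', 'virus', ...). Compare with a control name
#    that contains none of them: if the control resolves and the vendor names
#    do not, the block is local to this host rather than a network outage.
$control   = 'www.example.com'
$controlOk = Test-Resolves $control
$vendors   = 'www.microsoft.com', 'update.microsoft.com', 'www.bitdefender.com', 'www.symantec.com'
foreach ($d in $vendors) {
    if (Test-Resolves $d) { $r = 'OK' }
    elseif ($controlOk)   { $r = 'FAILED while control resolves - lookup blocked on this host' }
    else                  { $r = 'FAILED - no name resolution at all, check connectivity first' }
    $results += New-Object PSObject -Property @{ Check = "Resolve $d"; Result = $r }
}

$results | Select-Object Check, Result | Format-Table -AutoSize
```

Run it before and after the removal tool: a host that still shows a missing KB958644, disabled update services or vendor names that fail while the control resolves has not been cleaned, or is already reinfected. A failed vendor lookup is also what you will see in a browser on such a machine, so fetch the removal tool from a clean computer and carry it over on read-only media.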

About the author

Răzvan LIVINTZ

With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest), complemented by an avid interest in the IT world and its stunning evolution, in the autumn of 2003 I joined the chief editors' team at Niculescu Publishing House as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2, "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends, through posts on www.hotforsecurity.com.

Balancing the keen and until-late-in-the-night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", and the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples: http://martzipan.blogspot.com), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back to the Big Apple), and last but not least, driving my small Korean car through the intricacies of our metropolis's traffic.
