<IT WORLD> Conficker bides its time By Martin J Young
HUA HIN, Thailand - The big day in the year for the world's pranksters, April
1, came along with numerous scare stories regarding potential computer bugs,
viruses and so forth. Then, in an echo of the turn of the millennium and the
Y2K bug scare, the day passed with the world unchanged. The Conficker worm was the
focus of much concern, its threat to computer data and networks sufficient to
warrant a US$250,000 bounty from Microsoft for information leading to the
arrests of its cunning creators.
The latest variant of the worm, Conficker.c, turned up early last month when it
tried to update an earlier version of itself on an estimated 15 million already
infected computers. The worm's payload does not actually damage files; it
reduces the security level of the machine in such a way that, when it is called
upon, it will be able to install malicious software far more easily. Then the
real work will be done, as the network of infected computers can be commanded to
do anything from sending spam to identity theft to denial of service attacks on
websites.
IBM's security division estimates that 4% of all sources of suspicious activity
and one-in-25 Internet addresses that transmit potentially harmful data online
are infected with the Conficker worm. The majority of infected machines are in
Asia; this could possibly be attributed to the prevalence of pirate software
throughout the region.
The new and improved net nasty can disable the Windows update feature and so
prevent unpatched systems from getting the critical update that patches the
security hole that lets the worm in. This patch was released by Microsoft last
October, when the company was first alerted to the worm's presence.
Security company Symantec says there is no immediate need to worry as the worm
at present is merely becoming more sophisticated and using a communications
system that makes life difficult for Internet security researchers. Certainly,
there was no April 1 meltdown, but that's not to say it won't happen at all.
The worm is currently lying dormant, awaiting instructions which could come
tomorrow or in three months.
Infected systems are likely to run as if they were normal, which is why the
worm is so difficult to detect. Users may experience erratic network behavior
or slower than usual connectivity - this is nothing out of the ordinary in most
of Asia. Other symptoms of infection include the blocking of access to
antivirus websites such as F-Secure and Trend Micro and the disabling of
several Windows services including automatic updates, Windows Defender and
Error Reporting services.
The worm is also set up to update itself from any one of an estimated 50,000
randomly generated domain names. Microsoft, in collaboration with the Internet
Corporation for Assigned Names and Numbers (ICANN), is actively monitoring and
disabling up to 500 domains per day that have been targeted by the worm.
You can check to see if you may be infected by running a basic visual test which
checks your connectivity to websites the worm is known to block.
Users most at risk are those who have turned off Microsoft's Windows update
feature and those who are not using genuine software, as automatic updates do
not generally work with pirate versions of the operating system. Keeping
anti-virus software up to date is essential, and although security companies
such as Symantec, Kaspersky, Trend Micro and McAfee will tout their own
products with dollars in their eyes, there are good free alternatives such as
Avast and AVG.
A solid third-party personal firewall such as Comodo, Kerio or ZoneAlarm will
also help to keep web bugs at bay, as will using a secure and updated Internet
browser, avoiding all earlier versions of Internet Explorer. If you have been
infected or suspect that you have been, you will need to download a fix tool on
a clean machine. These are available for free from all of the big antivirus
vendors.
Software
Microsoft has finally yielded to the pressure of free online information and
has announced the end of Encarta, its software encyclopedia. In a message on
the MSN website, the company stated that it will shut down the online version
at the end of October this year and pull CD/DVD versions of the software from
shelves in June.
The pressures of virtually limitless information online from the likes of
Wikipedia and search engines have spelt the end of traditional reference
material. Encarta first appeared on personal computers in 1993 and peaked in
popularity in the mid-90s, before high-speed Internet connections were widely
accessible.
The ability to pack a plethora of information, images and audio into a
650-megabyte optical disc propelled the product to success, while its then
print competitors such as Britannica lost ground to the technological
transformation of reference material.
With the rise of Google and Wikipedia and faster online connectivity, people
began moving towards the endless availability of information on the Internet
and CD-based reference material became obsolete. The company said it will give
refunds to customers with subscriptions to its premium Encarta service, which
will also bite the digital dust this year.
Martin J Young is an Asia Times Online correspondent based in Thailand.
(Copyright 2009 Asia Times Online (Holdings) Ltd. All rights reserved. Please
contact us about sales, syndication and republishing.)