Tuesday, May 26, 2009

A DEADLY VIRUS CALLED CONFICKER



Virus on the prowl

It is testing times for computer security experts. They are at their wits' end over what to do with Conficker, a worm that has infected about 10 million computers across the globe.

Making its appearance around October-November last year, it has caused substantial damage to unsuspecting computer users. In impact, it has rivalled the 'I Love you' virus and the 'Slammer' worm that one saw a few years ago.

While no major disruption of the Internet has resulted from this aggression, many affected machines (bots) have been converted into what one observer calls 'junk mail-spewing robots'. A few weeks ago, one bot alone sent more than 40,000 spam messages in less than 12 hours!

Complete disruption

Conficker, also known as Downadup, has displayed an awesome power to take control of computers from remote locations and manipulate them at will.

It is widely believed that the worm made its first appearance by exploiting an MS Windows vulnerability (the Server service flaw that Microsoft patched in its MS08-067 bulletin). Two other methods of attack figure in experts' speculation. One is password guessing: the worm carries a list of common passwords and tries them against network shares, so weak passwords fall at once and somewhat stronger ones to methodical, repeated guessing.

Another line of thinking is that a few USB devices had been infected, carrying an autorun.inf file that Windows' AutoRun feature acts on when the stick is inserted, so that these in turn infected other machines. It is these theories that have prompted some experts to assert that, ultimately, it is a lax security regimen in some companies that has facilitated Conficker's onward march.
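The USB vector above rests on a single file, autorun.inf, whose [autorun] section can name a program for Windows to launch. The following is an added example (not code from the article or from any Conficker analysis) of the check a practitioner would run over a removable drive: parse the file tolerantly, the way Windows' INI reader does, and flag every directive that would execute something. The key names open=, shellexecute= and shell\<verb>\command= are real AutoRun directives; the two sample files, the RECYCLER path and update.exe are constructed for this example.

```python
"""Added example: flag autorun.inf files that would launch a program when a
removable drive is inserted. The samples below are constructed; they are
not Conficker's real autorun.inf."""
import re

# Directives whose value Windows AutoRun executes or opens.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command=... adds a context-menu verb that runs a program.
COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section with lower-cased keys.

    Windows' INI parser ignores lines it cannot understand, so junk or
    comment lines are skipped rather than treated as an error; a scanner
    that refuses malformed files would miss exactly the padded ones."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(text):
    """List (directive, target) pairs that would run code on insertion."""
    found = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or COMMAND_RE.match(key):
            found.append((key, value))
    return found


def is_suspicious(text):
    """True if the autorun.inf would execute anything at all."""
    return bool(launch_targets(text))


# Constructed samples: one harmless (icon and label only), one that launches
# an executable both automatically and through the "Open" context-menu verb.
BENIGN = "[autorun]\nicon=photos.ico\nlabel=Holiday photos\n"
MALICIOUS = (
    "[autorun]\n"
    "; constructed sample for this example\n"
    "icon=%SystemRoot%\\system32\\shell32.dll,4\n"
    "open=RECYCLER\\update.exe\n"
    "shell\\open\\command=RECYCLER\\update.exe\n"
    "action=Open folder to view files\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(name, launch_targets(sample))
```

Pointing launch_targets at the contents of each removable volume's autorun.inf is enough to spot a stick that will run code on insertion; disabling AutoRun on the host removes the vector regardless of what the file says.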

What about home computers? Generally speaking, these are relatively free from danger because of their isolation from the huge networks one sees in private industry and public offices, although an unpatched home machine that is handed an infected USB stick is just as exposed.

Worst is yet to come

Whatever the means used by Conficker, one thing is clear. The resolve of the authors remains unbroken. Their ingenuity and daring are unprecedented. There is a fear, therefore, that the worst is yet to come.

Actually, some dramatic action was expected on April 1, when the miscreant program writers were believed to be planning an escalation of their offensive. Nothing of the sort, however, happened until a few days ago, when they successfully installed Spyware Protect 2009, a fake anti-virus program, on infected machines. We do not know how many fell prey to this ruse.

The tactic is to keep issuing a warning that Conficker will destroy your system and that you need to install Spyware Protect 2009. Even if you say 'no' several times when the pop-up appears on your screen, sheer exasperation is likely to make you cough up $50 for spurious software that offers to rid you of the menace of Conficker.

Researchers say that the object of the malware writers has now become very clear, viz., one of making money. This is, therefore, no longer an innocent prank but an unadulterated cyber crime. The FBI has rightly stepped into tracking down the offenders. The CBI needs to follow suit, if only to establish its credentials as a cybercrime-savvy organisation on whom both government and the private sector could depend, if the occasion arose.

East Europe in focus

There is suspicion that those behind Conficker are from East Europe. This cannot be dismissed as mere guesswork because that region had in the past come to the adverse notice of police agencies in the UK several times for a wide spectrum of crimes.

Apart from this, the basis for the suspicion is that in one case the rogue program checked whether the computer being attacked used a Ukrainian keyboard layout; if it did, Conficker would do it no harm. Many experts admit that Conficker's authors are smart and skilled.

New variant

They have issued many updates without any challenge whatsoever. For instance, on April 10 they floated a new variant, Conficker.E, which not only restored Conficker's ability to spread but strengthened its defences against even the best anti-virus software. One feature that has worked to its advantage is that the code Conficker downloads is encrypted and digitally signed by its authors, which hides its internal workings from analysts and stops anyone else from pushing their own code to the infected machines.

It is against this backdrop that we must consider two recent reports of security breaches from the US. A Wall Street Journal report says that hackers have embedded software in the country's electricity grid, which could facilitate a frontal attack on the power system whereby a massive blackout in most parts of the country could be engineered at will.

Vital infrastructure

The newspaper adds that this was detected a few years ago. US Homeland Security officials have, however, not confirmed the report. It nevertheless raises a big question mark over the country's ability to protect its vital infrastructure. Significantly, the 60-day review ordered by President Obama ends in the next few days, and that should reveal the chinks in the country's cyber security preparedness.

There is another report, which refers to the damage done by miscreants to fibre optic cables in the Bay Area of California on April 10. Here, a miscreant went down a manhole and physically cut a communication cable, which caused a major breakdown of mobile and landline telephone services and Internet services. It took AT&T staff several hours to identify the point of sabotage and restore services.

Strengthen surveillance

This incident highlights the fact that physical security is as vital as computer security if we are to ensure uninterrupted communication between systems.

The Bay Area incident lays bare our dependence on wired links, notwithstanding whatever we have achieved in the area of wireless systems.

Here is something to ponder for policy makers and law enforcement officials in India. The latter, in particular, will have to strengthen surveillance of areas through which vital cables pass, either over ground or under ground.

For viewing the other pictures click on this link:
http://sify.com/finance/imagegallery/galleryDetail.php?id=jexrobachaj&title=A_deadly_virus_called_Conficker
