A Digital Pearl Harbor?

From the NYTimes:

A new digital plague has hit the Internet, infecting millions of personal and business computers in what seems to be the first step of a multistage attack. The world’s leading computer security experts do not yet know who programmed the infection, or what the next stage will be.

In recent weeks a worm, a malicious software program, has swept through corporate, educational and public computer networks around the world. Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys.

Based on the details from the article, it sounds like Russia, but my first guess was China.  It could easily be any one of several countries, based on the level of attention as measured by Google.  The compromising of computers and stealing of personal IDs is at the AOL script-kiddie level.  It is far easier to steal data by wardriving past corporate headquarters looking for an unsecured WiFi router, stealing a physical computer or hard drive, or dumpster-diving for backup tapes.  This is something else, especially given the proximity of the release relative to the election.

The primary purpose of a virus like this is network effect of infecting more and more users.  The ultimate outcome is to create a zombie botnet, which can then overwhelm routers and disrupt traffic.  If I were evil, and an individual, I would be extorting money from corporations in exchange for “protection” of their servers.  If I were strategic and a nation, I would aim at blocking the flow of commerce or the resources of commerce (sounds like an episode of 24, doesn’t it?).

These last four paragraphs are REALLY interesting:

The worm has reignited a debate inside the computer security community over the possibility of eradicating the program before it is used by sending out instructions to the botnet that provide users with an alert that their machines have been infected.

“Yes, we are working on it, as are many others,” said one botnet researcher who spoke on the grounds that he not be identified because of his plan. “Yes, it’s illegal, but so was Rosa Parks sitting in the front of the bus.”

This idea of stopping the program in its tracks before it has the ability to do damage was challenged by many in the computer security community.

“It’s a really bad idea,” said Michael Argast, a security analyst at Sophos, a British computer security firm. “The ethics of this haven’t changed in 20 years, because the reality is that you can cause just as many problems as you solve.”

If you force us to close off part or all of our society, you diminish our ability.  The internet only ‘works’ because it is open; the benefits of an open internet outweigh the risk of closing it off.  But when ‘national security’ enters the picture, we seem to be willing to trade off the openness in exchange for the illusion of safety, like taking your shoes off in the airport.

The remedies, both for the end-user and the enterprise, should be common sense here.  Be knowledgeable, take precautions, remove the worm if infected, and think strategically. What SHOULD happen is that every user should have to install certain updates, the domain registration process should be examined, with the burden of stopping or slowing unusual registrations (and following the money) placed on the Registrar, and the ISPs should use the tools they already use for tracking hackers and file-sharers to look for traffic anomalies.  But that won’t happen.
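As an added illustration of the “look for traffic anomalies” remedy (this is example code written for this post, not any ISP’s or vendor’s tool), the script below scores two behaviours the article associates with the worm: one host sweeping an unusual number of neighbours on a single port, and one host resolving an unusual burst of distinct domain names. The record format, the hosts, and the names are all constructed here; real collectors (NetFlow, passive DNS) produce richer records, but the per-source distinct-count-versus-median test is the same.

```python
"""Toy traffic-anomaly detector over constructed flow and DNS records.

Added example, not code from the post or from any network operator.
Assumed record format (an assumption for this example):
    FLOW <src> <dst> <dst_port>    one connection attempt
    DNS  <src> <queried_name>      one name lookup
"""
from collections import defaultdict
from statistics import median

# Constructed sample records (not real traffic): a handful of quiet hosts.
SAMPLE_LOG = [
    "FLOW 10.0.0.5 10.0.0.9 445",
    "FLOW 10.0.0.5 10.0.0.12 445",
    "FLOW 10.0.0.6 10.0.0.9 445",
    "FLOW 10.0.0.7 10.0.0.9 445",
    "FLOW 10.0.0.7 10.0.0.12 445",
    "DNS 10.0.0.5 mail.example.com",
    "DNS 10.0.0.5 www.example.com",
    "DNS 10.0.0.6 www.example.com",
    "DNS 10.0.0.7 files.example.com",
]
# One constructed host behaving like a self-propagating worm: it sweeps many
# neighbours on one port and resolves a burst of distinct, random-looking names.
SAMPLE_LOG += [f"FLOW 10.0.0.8 10.0.1.{i} 445" for i in range(1, 41)]
SAMPLE_LOG += [f"DNS 10.0.0.8 {'abcdefghij'[i % 10] * 3}{i}.example.net"
               for i in range(25)]


def parse_log(lines):
    """Group records into distinct destinations per (src, port) and
    distinct queried names per src. Malformed lines are ignored."""
    flow_dsts = defaultdict(set)   # (src, port) -> {dst}
    dns_names = defaultdict(set)   # src -> {qname}
    for line in lines:
        parts = line.split()
        if len(parts) == 4 and parts[0] == "FLOW":
            _, src, dst, port = parts
            flow_dsts[(src, port)].add(dst)
        elif len(parts) == 3 and parts[0] == "DNS":
            _, src, qname = parts
            dns_names[src].add(qname.lower())
    return flow_dsts, dns_names


def outliers(counts, factor=5.0, floor=10):
    """Return keys whose count exceeds both an absolute floor and
    factor * median of all counts.

    The median is robust against the outlier itself inflating the baseline;
    the floor keeps a quiet network (median 1) from flagging every host that
    happens to talk to six peers.
    """
    if not counts:
        return []
    limit = max(floor, factor * median(counts.values()))
    return sorted(key for key, n in counts.items() if n > limit)


def detect(lines, factor=5.0, floor=10):
    """Flag sweeping sources per destination port and DNS-burst sources."""
    flow_dsts, dns_names = parse_log(lines)
    by_port = defaultdict(dict)            # port -> {src: distinct dst count}
    for (src, port), dsts in flow_dsts.items():
        by_port[port][src] = len(dsts)
    scanners = {port: outliers(c, factor, floor) for port, c in by_port.items()}
    scanners = {port: srcs for port, srcs in scanners.items() if srcs}
    dns_outliers = outliers({s: len(n) for s, n in dns_names.items()},
                            factor, floor)
    return {"scanners": scanners, "dns_outliers": dns_outliers}


if __name__ == "__main__":
    for kind, hits in detect(SAMPLE_LOG).items():
        print(f"{kind}: {hits}")
```

The thresholds (`factor` and `floor`) are the tuning knobs an operator would set from a baseline window of normal traffic; the point of comparing each source against the median of its peers, rather than against a fixed number, is that the same rule works on a small office segment and on a large access network.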
