The Conficker worm variant expected to mobilize on April 1 activated as expected, but did not upload any new malware, according to security companies.
The worm, also known as Downadup, has infected between one million and 15 million machines, according to some estimates. The worm shuts down security services, blocks computers from connecting to security websites and downloads a Trojan.
The Conficker C variant was programmed to connect infected machines to 50,000 domains on Wednesday. The worm was then expected to deliver a malware update to the computers. However, the anticipated threat has failed to materialize.
See also: Conficker tracking - all's quiet, so far
The 'no bull' guide to Conficker
Googling for Conficker clean-up information? Be careful
Researchers make Conficker breakthrough
CBS 60 Minutes covers Conficker, malware epidemic
F-Secure security specialist Patrik Runald wrote on the F-Secure blog that while some infected machines had attempted to contact domains specified by the worm, no update had been sent.
"So what's going on? So far nothing," Runald wrote on Wednesday. "Infected computers are generating the list of 50,000 domains and are attempting to contact 500 of those like we've described earlier, but so far no update has been made available (by the bad guys)."
Paul Ferguson, an advanced threats researcher at Trend Micro, told CNET News on Wednesday that the security company had seen some effect in Asia. "We've seen activity in honeypot machines in Asia... They're generating the 50,000 list of (potential) domains to contact," said Ferguson.
Researcher Holly Stewart, writing on the IBM ISS Frequency X blog, said the 1 April date seemed to have been a joke on the security companies.
"April Fool's does certainly seem to have been a joke on us," wrote Stewart. "We knew it might happen... but we had to be on alert anyway. Hey, that's why we're here, right? I guess the point is that even though nothing happened today, I think, at least, that something is going to happen eventually."
Stewart warned of the potential for the infected machines to be made into a network of compromised machines, or botnet, as a money-making venture. Botnets can be used for purposes such as sending spam, and performing denial-of-service and brute-force attacks.
"It's obvious that the development of Conficker has cost someone a lot of money," wrote Stewart. "The advanced technology and sophisticated obfuscation that we've witnessed is fairly unprecedented. It would really, really surprise me if no one decides to cash in on that hefty investment."
This article was originally posted on ZDNetUK.
No comments:
Post a Comment