El Gusano Conficker: ¿Broma de Día de los Inocentes...

[Kanon]

Me gustó mucho este articulo. Si bien no entiendo mucho del tema, las diferentes posibilidades que explora son muy interesantes.

Gente que entiende mucho mas que yo de seguridad informática piensa que esto es asunto muy, pero muy serio y que es crucial estar prevenido, y cuidar su sistema contra el gusano. Este es un programita que detecta el gusano mediante heurística.

ftp://ftp.f-secure.com/anti-virus/tools ... wnadup.zip

El Gusano Conficker: ¿Broma de Día de los Inocentes o Desastre Inconcebible?
Por John Markoff

El gusano Conficker tiene fecha de activación el 1° de Abril, y la pregunta sin respuesta es: ¿Demostrará ser la broma de Día de los Inocentes más grande del mundo o es el equivalente en la era de la información al legendario tratado de 1962 de Herman Kahn sobre la guerra nuclear "Pensando en lo Impensable"?

Conficker es un programa que es diseminado explotando varias debilidades del sistema operativo Microsoft Windows. Varias versiones de este software se han esparcido ampliamente alrededor del mundo desde Octubre, la mayoría fuera de los Estados Unidos porque hay mas computadoras en el extranjero corriendo Windows piratas, sin parches. (El programa no infecta computadoras Macintosh o basadas en Linux).

Un estimado de 12 millones o mas de maquinas han sido infectadas. Sin embargo, muchas también han sido desinfectadas, así que un censo preciso es difícil de obtener.

Es posible detectar y remover Conficker usando herramientas antivirus comerciales ofrecidas por varias compañías. Sin embargo, la versión mas reciente del programa tiene una capacidad muy mejorada de remover software antivirus comercial y apagar el servicio de actualización de seguridad de Microsoft. También puede bloquear comunicaciones con servicios Web provistos por las compañías de seguridad para actualizar sus productos. Hasta abre agujeros sistemáticamente en los firewalls en un esfuerzo por mejorar su comunicación con otras computadoras infectadas.

Dada la sofisticada naturaleza del gusano, la pregunta se mantiene: ¿Cual es el propósito de Conficker, el cual puede posiblemente convertirse en la computadora paralela más poderosa del mundo el 1° de Abril? Eso es cuando el gusano haya generado 50000 nombres de dominio y sistemáticamente intente comunicarse con cada uno de ellos. Los autores entonces solo necesitaran registrar uno de los nombres de dominio para tomar control de las millones de computadoras zombies que habrán creado.

La especulación sobre el propósito de Conficker va desde lo benigno - una broma de Día de los Inocentes - a nociones mucho más siniestras. Una opción probable es que el programa será usado en el negocio “rent-a-computer-crook”, algo que ya ha sido intentado por el bajo mundo informático. Al igual que Amazon.com ofrece en alquiler tiempo de computadoras en su red, el equipo Conficker podría alquilar acceso a su "red" para propósitos nefastos, como el spam.

La pista mas intrigante sobre el propósito de Conficker yace en el complejo diseño de su lógica peer-to-peer en la última versión del programa, que investigadores de seguridad todavía intentan terminar de decodificar.

De acuerdo con un addendum de investigación que se agregara el jueves a un ensayo de investigadores en SRI International, en la versión Conficker C del programa, las computadoras infectadas pueden actuar tanto como clientes como servidores y compartir archivos en ambas direcciones. El diseño peer-to-peer esta ampliamente distribuido, haciendo mas difícil a los equipos de seguridad derrotar el sistema deshabilitando los supuestos super-nodos.

Los autores de Conficker podrían estar planeando crear un artilugio como Freenet, el sistema peer-to-peer que se planeo para hacer la censura de documentos en Internet imposible.

O tal vez los amos del botnet Conficker tienen algo más Maquiavélico en mente. Un investigador, Stefan Savage, un científico de la Universidad de California en San Diego, ha sugerido la idea de "Dark Google". ¿Y si Conficker esta hecho para darle al bajo mundo informático la capacidad de buscar información en todas las computadoras infectadas alrededor del mundo y luego vender las respuestas? El Malware ya intentó hacer esto a un nivel especifico usando una variedad de tretas a las se llama "pesca con lanza" (spear phishing), en referencia al amplio uso de trucos de ingeniería social en la Red.

¿Pero hacer algo así a escala gigantesca? Eso sería una red de arrastre - y una genuina historia de horror.

Traducción de la casa, de http://bits.blogs.nytimes.com/2009/03/1 ... -disaster/

[Devil_May_Cry]

bueno cuando mi pc deje de andar el 1 ahi voy a saber si estaba infectado o no

[Kanon]

Dale nomas, segui en la joda... Se nos viene el dia del juicio y vos haciendote el gracioso...

[Devil_May_Cry]

"contemplen las maravillas de la tecnologia"

alarmistas de morondanga lo mismo decian del Y2K y todavia estamos aca

[No Smoking]

"contemplen las maravillas de la tecnologia" :risamalvada

¿Maravillas DMC, O fracasos? .

[Poyo]

Quiza el desconche que me hizo el guindous tenia que ver con esto...

[Devil_May_Cry]

1 de abril y todavia estamos aca. malditas predicciones que no se cumplen

[Kanon]

Dicen que en la semana capaz que pasa algo

[Devil_May_Cry]

la cuenta regresiva finalizaba hoy.

[Kanon]

Conficker worm reaches go time, to no effect
User awareness is high, which should help minimize problems, experts say

SAN FRANCISCO - The malicious Conficker Internet worm got more aggressive about trying to reach its creators Wednesday, but computer security researchers appeared correct in their predictions that the effects would be muted.

The worm's programming included a change in tactics on April 1: The estimated 3 million to 12 million computers infected by Conficker were told to step up their attempts to "phone home" for commands. But that seemed to be the only sign of life from the bug.

"One thing we're not seeing is any mass malicious activity," said Joris Evers, an analyst with McAfee. "The Internet today is working just as well as it was working yesterday."

The worm can take control of unsuspecting PCs running Microsoft's Windows operating system. But its creators likely want to use their vast "botnet" to send spam or perform other cybercrimes, and not to bring down the Internet.

That's one reason analysts say the people behind the virus will probably wait to send any commands. "Everyone who is fighting Conficker is on high alert," Evers said.

Security companies monitoring the worm have been largely successful at blocking infected machines from communicating with whoever programmed it.

Microsoft issued a software update, called a "patch," to protect PCs from vulnerability back in October. But not everyone applied the patch.

In one telltale sign of an infected machine, Conficker blocks Microsoft's site as well as those of most antivirus companies. Computer owners can work around that obstacle by having someone else e-mail them a Conficker removal tool. (Msnbc.com is a joint venture of Microsoft and NBC Universal.)

To learn more, check Microsoft's Web page on Conficker. Also, a list of the free Conficker removal programs is available on the Web site of the Conficker Working Group. The removal programs will take care of themselves, for the most part, scanning your system and purging the worm.

Computer infections now are all about making money by stealing people's personal information. And Conficker's authors stand to make more money from renting out parts of their huge "botnet" to spammers or identity thieves than by destroying parts of the Internet.
Story continues below ↓advertisement | your ad here

"These guys have been pretty smart until now — the worm is unfortunately very well done," said Patrik Runald, chief security advisor for F-Secure Corp. "So far they haven't been stupid. So why should they start on April 1?"

But panic over the worm had reached a frenzy. Lori Lynn Pavlovich, a mother of four from Racine, Wis., unplugged her PC and vowed to stay offline for a week after seeing a local TV news report about the worm.

"I get scared real easy when it comes to stuff like that," she said. Pavlovich, who says she keeps her antivirus software and security patches up-to-date, got back online 24 hours later after a relative assured her that her system was safe.

In the last six months, the worm has also caused sleepless nights for the technicians who maintain corporate and governmental computer systems. European media reported that the French military grounded some of its fighter planes after the Navy's network was infected over the winter.

Companies were on high alert to any change in Conficker's behavior that could affect their systems. But a lot of the heavy lifting for big corporations has already been done. Most large organizations hurried to fix the vulnerability that Conficker exploits long ago — Microsoft released a software "patch" for it in October. Many smaller businesses and consumers started worrying about the problem later, making them more vulnerable to infection.

"Consumers are very, very, very aware of this — more so than I've seen in years," said Alfred Huger, vice president of Symantec Security Response. "Enterprises are certainly aware of this, and they're treating this seriously, but no more so than other threats they're faced with."

Detecting a Conficker infection is actually very easy. One of the telltale signs is if you're able to navigate the Internet freely but can't access Microsoft's site or the sites for the major antivirus software vendors. Conficker's authors included that feature to prevent infected machines from downloading programs that remove the worm.

That makes it harder to get the Conficker removal programs, but not impossible. Security experts recommend that people with infected machines find a friend whose machine isn't infected, and have that person download the removal tool and e-mail it to them.

Many companies that have already protected their networks from Conficker have become concerned again because of the publicity the worm generated in recent weeks as the April 1 change to Conficker's programming approached.

Michael La Pilla, manager of the malicious code operations team at VeriSign's iDefense division, said some of his company's customers were asking for immediate notification about changes to Conficker's behavior, instead of the hourly updates that many receive.

The bad guys behind Conficker haven't been able to reliably communicate with the computers the worm has infected. That means they haven't been able to program the PCs to send spam, carry out identify-theft scams, or perform any other kind of cybercrime.

That has likely started changing with the dawn of April 1. Now the programming on the latest version of Conficker tells those infected machines to generate 50,000 new Internet addresses each day that they can try and "phone home" for instructions.

Previously, they had been looking for commands from just 250 sites each day. The point of the change is to make it harder for the security community to pre-register those addresses and keep them out of the bad guys' hands.

Microsoft has offered a $250,000 bounty for information leading to the arrest and conviction of the people responsible for Conficker.

The hoopla surrounding a very arcane change to Conficker's programming code was reminiscent of the doomsday fears about the Y2K bug, when the dawn of the millennium was thought to threaten computer networks by interpreting the new year as 1900 rather than 2000.

"There are a lot of people who are on standby waiting to see what happens," said George Kurtz, senior vice president of McAfee's risk and compliance division. "Ultimately, it could be a big event or Y2009 — April 1 rolls around and nothing happens. But that doesn't mean it's the end of the story."

http://www.msnbc.msn.com/id/29981552/