Saturday, March 14, 2009

Downadup/Conficker Worm Disables Computer Security

If you were a hacker or an e-scam artist with malicious intent, would it be valuable to disable a machine's security system? Most of them find it relatively easy to take command and control of unprotected machines, but fully patched and protected machines pose more of a challenge.

Since late last year, hackers have developed a new tool that attacks protected machines, known as the Downadup/Conficker worm. This worm is being called a complex piece of malicious code that is able to jump network hurdles, hide in the shadows and even defend itself against security measures, according to a recent report by Symantec.

Symantec has collected its blog posts on this subject into this report, which is available on its site. It also has a blog post by Ben Nahorney that attempts to put this complex threat into terms that can be understood by the general public.

Just this month, Symantec identified the third version of Downadup/Conficker, which has an even more powerful punch designed to take down computer security systems. This version has been dubbed the W32.Downadup.C variant and is still under analysis. The payload from W32.Downadup.C is set to be triggered on April 1st, and if it is, the damage from it could be huge. SC Magazine aptly summed this up in an article called, "No Joke — Conficker Worm set to explode on April Fool's Day."

Since Downadup/Conficker has the ability to replicate itself — even on USB drives and network shares — by cracking passwords, it can spread like wildfire and wreak havoc on systems.
The report concludes that this is only the beginning of the Downadup/Conficker threat. If you take the time to read through the report, it shows how this malware is evolving and changing to avoid attempts to stop its spread.

It is being reported that Downadup/Conficker has enabled one of the largest botnets ever formed on the Internet because of the number of systems that aren't protected from it. Of course, it appears that once a machine is infected, the worm itself might prevent the patches from being downloaded to it.

Botnets generate all the spam we see in our inboxes and are the vehicle of most fraud, phishing and financial misdeeds seen on the Internet. They consist of infected computers that have been taken over and together form a supercomputer capable of spreading a lot of garbage. Of course, becoming infected can also mean that all your personal and financial information will be data-mined and used by less than honest people to steal money or commit other types of crimes.

Information can be stolen to commit espionage or even to provide fake identities, which are then used to support other, more serious criminal activity. Although a lot of espionage is industrial, it is already on record that Downadup/Conficker infected computers at the U.K. Ministry of Defence and the Houston Municipal Courts, which suggests a more sinister intent than merely committing financial crimes.

Since the beginning of the year, there have been different estimates of how many computers are infected, but all of them seem to agree it's somewhere around nine million.

Microsoft has announced a $250,000 reward for information leading to the arrest of the authors of this code. It has also announced an industry-wide coalition to fix the threat that Downadup/Conficker poses. Included in this coalition are ICANN, NeuStar, Symantec, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, Verisign, F-Secure, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor Networks and Support Intelligence.

Microsoft also provides information on patches and the latest developments on Conficker/Downadup on its site. It also has another page where you can learn more about these types of threats and how to stay safe online.

Don't Bail Out a Scam Artist

Recently, I've noticed all kinds of ads and spam e-mails promising to deliver a bail out of one kind or another. While we're finally going to see a few average people bailed out, most of these ads and spam e-mails have one purpose and one purpose only — to provide a revenue stream to a scam artist.

On March 4th, the FTC issued a warning that consumers might get stung by one of these bail out schemes and that these scams are showing up in many different forms.

A lot of these scams claim they can assist someone in qualifying for a bail out, and all you need to do is provide them with a little information or a small payment (preferably using a plastic instrument) to reap a too-good-to-be-true return on your investment. Plastic is quickly becoming the preferred payment option of criminals and semi-legitimate marketing gurus alike.

Common spam e-mail messages ask for your banking information so the money can be direct deposited into a bank account. In most of these scams, the exact opposite occurs, or the money in the account is stolen. There are also a lot of spoofed spam e-mails that appear to come directly from a government agency, which ask you to verify that you qualify for a payment by providing them with personal/financial information. If responded to, they either clean out your financial resources or use your good name to steal from a financial institution.

The FBI, IRS and Federal Reserve have recently reported their names being spoofed (impersonated) in a variety of spam e-mails designed to scam people of their hard-earned resources. Of course, a lot of the e-mails and e-ads use the names of Barack Obama and Joe Biden to make their come-on appear more legitimate, too.

Some of these e-mails contain links, which lead to websites that download all kinds of malicious software and spyware on a machine. Normally, the intent in these instances is to steal personal information or take command and control over a machine.

Not all these come-ons come in spam e-mails, either. Much to my dismay, I did a search on the word "Stimulus" and found several ads offering a questionable bail out. After doing this, I went to my local coffee house, picked up some of the available free magazines and found questionable bail-out offers in them, also.

When it comes to advertising dollars, those accepting the money aren't required to perform any due diligence on what is being advertised.

In some of the so-called semi-legitimate come-ons (my personal opinion), there might be a clause in small-print that allows them to charge your card a small fee over a long period of time.

While these so-called legitimate marketing ploys are nothing new, they are now being used in some of the pay-for-bail-out products being hawked all over the place.

If you've signed up for any of these deals, it might pay to review your statements carefully. Of course, in today's world, it pays to do this on a regular basis, anyway.

If you see any of these scams and want to complain about them, the FTC provides an electronic means of doing so. I've provided a link for anyone who might be interested in doing this. You can also complain by calling 1-877-FTC-HELP (1-877-382-4357).

Last, but not least, I'll point to a site called the Bank of Obama (Because Everybody Deserves a Bail Out). On this site — which appears to be somewhat of a parody — you can send your friends an imaginary check. At least this site delivers what it claims to — an imaginary check.