Our reporting relies on your support. Contribute today! 

Help us reach our goal of $250,000. The countdown is on!

Computer security experts remain flummoxed by Conficker, an epic computer virus that could wreak havoc April 1, the date its authors have said it will be activated, according to the latest dispatches from The New York Times’ John Markoff.

Conficker, also known as Downadup, is the worst virus to hit the internet in more than five years. It is spreading by a recently discovered vulnerability in the Microsoft Windows operating system, and may have infected 12 million or more computers worldwide.

Among those chasing Conficker is K.C. Claffy, computer scientist at the San Diego Supercomputer Center who I profiled in January. The last time I spoke with her, she described the virus as a formidable foe.

“It could be a teen just proving he can do this, or some billion-dollar scammer setting up an impervious spam network,” Claffy said. “It’s very confusing — I can’t get in the head of the wormer.”

Here is a sampling of what Markoff is reporting this week:

The program grabbed global attention when it began spreading late last year and quickly infected millions of computers with software code that is intended to lash together the infected machines it controls into a powerful computer known as a botnet.

Since then, the program’s author has repeatedly updated its software in a cat-and-mouse game being fought with an informal international alliance of computer security firms and a network governance group known as the Internet Corporation for Assigned Names and Numbers. Members refer to the alliance as the Conficker Cabal.

The existence of the botnet has brought together some of the world’s best computer security experts to prevent potential damage. The spread of the malicious software is on a scale that matches the worst of past viruses and worms, like the I Love You virus. Last month, Microsoft announced a $250,000 reward for information leading to the capture of the Conficker author.

Given the sophisticated nature of the worm, the question remains: What is the purpose of Conficker, which could possibly become the world’s most powerful parallel computer on April 1? That is when the worm will generate 50,000 domain names and systematically try to communicate with each one. The authors then only need to register one of the domain names in order to take control of the millions of zombie computers that have been created.

Speculation about Conficker’s purpose ranges from the benign — an April Fool’s Day prank — to far darker notions. One likely possibility is that the program will be used in the “rent-a-computer-crook” business, something that has been tried previously by the computer underground. Just like Amazon.com offers computing time on its network for rent, the Conficker team might rent access to its “network” for nefarious purposes like spamming.

The most intriguing clue about the purpose of Conficker lies in the intricate design of the peer-to-peer logic of the latest version of the program, which security researchers are still trying to completely decode.

DAVID WASHBURN

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.