"About the only thing we've seen is that it has switched over to the DNS name-generation algorithm," Matt Watchinski, senior director of vulnerability research at Sourcefire, told SCMagazineUS.com on Wednesday. "Nobody has pushed out any new content yet. It hasn't [been] given new instructions to go do something."
The Conficker.C version of the worm was programmed to begin, on Wednesday, "phoning home" to 500 websites -- of a possible 50,000 per day -- to receive the instructions. Past versions of the worm only generated 250 unique domains per day.
Anti-virus vendors such as McAfee continued to monitor the situation but reported no major problems on Wednesday. Internet monitoring groups such as the SANS Internet Storm Center, which has volunteers placed all over the world, similarly reported no disruptions.
"Nothing significant to report (yet)," wrote Marcus Sachs, the center's director, on Wednesday morning. "We had several readers contact us over the past 24 hours with some minor impact, but so far no reports of anything newsworthy. Many organisations have been proactive about scanning their systems and finding either unpatched or Conficker-infected computers that were subsequently removed for repair."
In fact, it appears the organisations bearing the most impact from Wednesday's activation date are the groups trying to help end-users avoid infection. Sachs reported that the website for the Microsoft-led Conficker Working Group, a 23-member security industry alliance formed to fight the worm, was at times unavailable due to increased traffic. Also experiencing inadvertent but spotty service disruptions is Insecure.org, which offers the Nmap scanning tool, Sachs said. The tool had been updated to detect Conficker infections.
But even though Wednesday brought more anti-climax than excitement, security researchers cautioned that the Conficker botnet remains a dangerous threat.
"There are millions of machines that are infected, and the capability is definitely there for attackers to use the network for nefarious purposes," Dan Hubbard, chief technology officer of web security firm Websense, said.
Hubbard warned of the possibility that a new version of the worm could soon arrive on the scene -- this one containing better built-in protections against reverse engineering, and new methods of spreading. Meanwhile, Cisco security experts said they expected the worm to attain a peer-to-peer capability that will allow it to communicate with other compromised hosts for instructions, eliminating the need to query domains.