The Conficker April Fool

Tomorrow is April Fools' Day. There will be plenty of jokes played, and many people bamboozled. Be ready, and believe nothing you hear. Well, almost nothing.

The Conficker worm (a.k.a. Downup, Downadup and Kido) is a nasty piece of computer malware that has been on the move (i.e. spreading) since late last year, infecting Windows machines far and wide. It calls out to website domains, looking for payloads, and utilizes encryption/signing technology (to prevent its little gifts from being hijacked) which is some of the most sophisticated around. It connects the way your internet browser does (via HTTP), and on April 1st one of its variants is going to massively expand the size of its seek-and-infect scope. That may create some network congestion.

But other than the possibility of being infected, there’s actually not a heck of a lot more to say about Conficker (except that if your at-work Facebook browsing gets slow on Wednesday, you may want to just keep mum about it). Microsoft, ICANN, Verisign and many others have been working on the problem for more than a month. Further, Microsoft released a patch for the vulnerability the virus exploits back in October, before Conficker was released. So if you’ve kept your system updated, you probably don’t have much to worry about anyway. That is, unless you’re CBS’s 60 Minutes.

But what’s the real joke of all this? Well, it’s not that Conficker isn’t actually doing anything right now – it’s just waiting for further instructions. Meanwhile, researchers are working diligently on solutions. No, what’s hilarious is that there is an entirely different threat lingering – one that has received much less attention, and could potentially be much, much more damaging.

Researchers are calling it GhostNet, and it’s already stolen vast amounts of data from government and private offices around the world. It ran completely undetected until the office of the Dalai Lama suspected foul play, and asked Toronto researchers to investigate. Some are blaming the Chinese, but they are denying all.

By the way, GhostNet, which runs via another piece of malware called gh0st RAT (RAT stands for ‘Remote Access Tool’), isn’t waiting around for instructions; it’s still digging away. I conclude that the media is steering info-tech security priorities in the wrong direction – generating fear for headlines belays no crisis.

Within a few years, every bit of data on every computer on the planet will be encrypted. And every bit of data circulated on the web (including email, instant messaging, and even select portions of the web sites you view daily) will be encrypted. Dig all you want, boogieman.

“What they can’t read won’t hurt you.” – MG 3/31/09
