
Microsoft Joins Group To Stop Conficker Worm, Offers Reward

Problems with the Conficker worm have become so widespread that Microsoft is putting up $250,000 for information leading to the arrest of the worm's author.

Additionally, Microsoft is collaborating with other industry organizations to form a group to stop the self-replicating worm, which is said to be one of the largest botnets ever created. Among the group's members are Symantec, domain registry organization ICANN, AOL and Verisign.

"Microsoft's approach combines technology innovation and effective cross-sector partnerships to help protect people from cybercriminals," wrote George Stathakopoulos, general manager of Microsoft's Trustworthy Computing group, in an e-mailed statement. "We hope these efforts help to contain the threat posed by Conficker, as well as hold those who illegally launch malware accountable."

Reports have suggested that as many as 10 million PCs have been infected since Conficker first surfaced in October 2008, exploiting a vulnerability in how Windows handles remote procedure call (RPC) requests; Microsoft released an out-of-band patch for the flaw. RPC requests are server-side commands that allow subroutine code to execute on other computers on a shared network. What is unique about the RPC vulnerability that Conficker is exploiting is that subroutines can be executed without programmer interference. This makes an autonomously sustained bug such as Conficker effective because RPC enables a virtually automatic and remote interaction between CPUs in a shared processing environment.

The group's first task, according to Microsoft and Symantec, will be to look at ways to stop the update mechanism of Conficker (whose technical name is W32.Downadup/Conficker.B). The worm updates itself by checking, each day, a list of as many as 250 network domains for weak passwords, as well as opportunities to regenerate itself on new systems as it updates itself on already infected systems.

The group aims to reverse-engineer what it calls a "pseudo-random domain generation algorithm" inherent in Conficker code. This is where the participation of groups like ICANN, the Public Internet Registry and Global Domains International can be crucial to helping Microsoft solve the problem.

"The best way to defeat potential botnets like Conficker is by the security and domain name system communities working together," said Greg Rattray, ICANN's chief Internet security advisor, in an e-mailed statement.

Microsoft's announcement on Thursday of the $250,000 reward echoes its 2003 decision to shell out $250,000 for tips leading to information on the whereabouts of the writers of the SoBig and Blaster worms. The difference with Conficker is that Internet use has increased exponentially since then, hackers have gotten more sophisticated, and the number of attacks originating in other countries has grown. To address the third issue, Microsoft has opened up the Conficker reward to residents of any country (inasmuch as it is permitted by other countries' laws).

Vincent Weafer, vice president of Symantec Security Response, said in an e-mail that as attackers become increasingly competitive in the distribution of their attacks, it is necessary for a meeting of the minds similar to what Microsoft is proposing.

"As attackers leverage widespread numbers of compromised systems, it is critical for leading industry leaders to combine resources to more quickly and effectively combat widespread threats such as Conficker," he said.

Meanwhile, Microsoft says that anyone with any information about Conficker should not contact the company directly but take their case to their local law enforcement agency that handles such matters.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
