[Yr7-10it] Conficker, April the First.

Reid, Cam C reid.cam.c at edumail.vic.gov.au
Wed Mar 25 07:43:04 EST 2009


Stephen covers a broad range of topics, most of which I wouldn't come
across in my normal browsing. He has highlighted research, new products
and many usable sites which have helped me keep up to date with what is
happening out there. While some topics may not be related to a
particular list, I would hate to see Stephen give up sharing his
findings. As with any emails, the delete button is easy to hit without
even opening the message. From my point of view, keep up with your
considerable research Stephen, I look forward to reading your posts.

Cameron Reid
Shepparton High School

-----Original Message-----
From: yr7-10it-bounces at edulists.com.au
[mailto:yr7-10it-bounces at edulists.com.au] On Behalf Of Hutchison,
Geoffrey G
Sent: Tuesday, 24 March 2009 10:07 PM
To: Year 7 - 10 Information Technology Teachers' Mailing List
Subject: RE: [Yr7-10it] Conficker, April the First.

Pl....lease! 

Mods, delete this guy! 


cheers,
Geoff Hutchison,
IT Manager/Coordinator,
McGuire College,
Shepparton, Vic



-----Original Message-----
From: yr7-10it-bounces at edulists.com.au
[mailto:yr7-10it-bounces at edulists.com.au] On Behalf Of
stephen at melbpc.org.au
Sent: Tuesday, 24 March 2009 10:00 AM
To: oztl_net at listserv.csu.edu.au; oz-teachers at rite.ed.qut.edu.au;
sofdev at edulists.com.au; yr7-10it at edulists.com.au
Subject: [Yr7-10it] Conficker, April the First.

Hi all,

This is an important matter. The following NYTimes article is a little
scary, but it raises matters that should receive WIDE attention by all
net users. One would suggest you raise it with colleagues and students.

As you will probably know, there is a powerful virus called 'Conficker'
currently on the loose, and, apparently, has already infected many PCs
including for example thousands of UK Government machines. It's set to
'go off' on April the First. And, as this NY Times article below notes,
no one knows exactly what will happen. 

Although the article does not mention that apparently Linux etc and Mac
machines are not a target, only Windows machines, as you will read, for
the sake of all of us Internet users, it is a GREAT idea for Win people
to make sure you have updated your anti-virus software and have scanned
machines recently. Please folks, google 'Conficker' and see what I mean.


Computer Experts Unite to Hunt Worm

By JOHN MARKOFF www.nytimes.com March 19, 2009 


An extraordinary behind-the-scenes struggle is taking place between 
computer security groups around the world and the brazen author of a 
malicious software program called Conficker.

The program grabbed global attention when it began spreading late last 
year and quickly infected millions of computers with software code that 
is intended to lash together the infected machines it controls into a 
powerful computer known as a botnet. 

Since then, the program's author has repeatedly updated its software in
a cat-and-mouse game being fought with an informal international alliance
of computer security firms and a network governance group known as the
Internet Corporation for Assigned Names and Numbers.

Members refer to the alliance as the Conficker Cabal.

The existence of the botnet has brought together some of the world's
best computer security experts to prevent potential damage.

Last month, Microsoft announced a $250,000 reward for information
leading to the capture of the Conficker author..

The inability of the world's best computer security technologists to
gain the upper hand against anonymous but determined cybercriminals is
viewed by a growing number of those involved in the fight as evidence of
a fundamental security weakness in the global network.


An examination reveals that the zombie computers are programmed to try
to contact a control system for instructions on April 1.


There has been a range of speculation about the nature of the threat 
posed by the botnet, from a wake-up call to a devastating attack.

Researchers who have been painstakingly disassembling the Conficker code
have not been able to determine where the author, or authors, is
located, or whether the program is being maintained by one person or a
group of hackers.

The Conficker program is built so that after it takes up residence on
infected computers, it can be programmed remotely by software to serve
as a vast system for distributing spam or other malware.

Several people who have analyzed various versions of the program said
Conficker's authors were obviously monitoring the efforts to restrict
the malicious program and had repeatedly demonstrated that their skills
were at the leading edge of computer technology.

For example, the Conficker worm already had been through several
versions when the alliance of computer security experts seized control
of 250 Internet domain names the system was planning to use to forward
instructions to millions of infected computers.

Shortly thereafter, in the first week of March, the fourth known version
of the program, Conficker C, expanded the number of the sites it could
use to 50,000.

That step made it virtually impossible to stop the Conficker authors
from communicating with their botnet.

"It's worth noting that these are folks who are taking this seriously
and not making many mistakes," said Jose Nazario, a member of the
international security group and a researcher at Arbor Networks, a
company in Lexington, Mass., that provides tools for monitoring the
performance of networks. "They're going for broke."

A report scheduled to be released Thursday by SRI International, a
nonprofit research institute in Menlo Park, Calif., says that Conficker
C constitutes a major rewrite of the software.

Not only does it make it far more difficult to block communication with
the program, but it gives the program added powers to disable many
commercial antivirus programs as well as Microsoft's security update
features.

"Perhaps the most obvious frightening aspect of Conficker C is its clear
potential to do harm," said Phillip Porras, a research director at SRI
International and one of the authors of the report. "Perhaps in the best
case, Conficker may be used as a sustained and profitable platform for
massive Internet fraud and theft."

"In the worst case," Mr. Porras said, "Conficker could be turned into a 
powerful offensive weapon for performing concerted information warfare 
attacks that could disrupt not just countries, but the Internet itself."

The researchers, noting that the Conficker authors were using the most 
advanced computer security techniques, said the original version of the 
program contained a recent security feature developed by an M.I.T. 
computer scientist, Ron Rivest, that had been made public only weeks 
before. 

And when a revision was issued by Dr. Rivest's group to correct a flaw, 
the Conficker authors revised their program to add the correction. 

Although there have been clues that the Conficker authors may be located
in Eastern Europe, evidence has not been conclusive ..

--

Cheers,
Stephen


Message sent using MelbPC WebMail Server



_______________________________________________
http://www.edulists.com.au - FAQ, resources, subscribe, unsubscribe
Year 7 - 10 IT Mailing List kindly supported by
http://www.vcaa.vic.edu.au - Victorian Curriculum and Assessment
Authority and
http://www.vitta.org.au  - VITTA Victorian Information Technology
Teachers Association Inc

Important - This email and any attachments may be confidential. If
received in error, please contact us and delete all copies. Before
opening or using attachments check them for viruses and defects.
Regardless of any loss, damage or consequence, whether caused by the
negligence of the sender or not, resulting directly or indirectly from
the use of any attached files our liability is limited to resupplying
any affected attachments. Any representations or opinions expressed are
those of the individual sender, and not necessarily those of the
Department of Education and Early Childhood Development.
