Wednesday, April 1, 2009

Not much more about Conficker.c

Some of this I already suspected, and some of it I'd have learned sooner if I'd been paying closer attention:

All Hell has not broken loose. This is not particularly surprising. All Hell has a history of not breaking loose on cue. One likely reason is that the people behind this appear to be in it to make money, and the successful parasite does not kill its host. There's even a plausible guess as to the business model: rent out the infected machines as a distributed password-cracking service, sort of like SETI@home but up to no good and under remote control.

For example, if you know the last four digits of someone's Social Security number, there are no more than 100,000 possibilities for the remaining five. (In practice the list is shorter still: the first five digits were assigned by issuing state and date rather than at random, so anyone who knows where and roughly when the target was born can discard most of them.) If you have 100,000 computers at your beck and call, each one needs to try a single candidate, so the job costs very little of any particular computer's time. Of course, there are problems with the approach, particularly if trying a number involves contacting, say, some bank's server. The bank sees all 100,000 guesses land on one account regardless of how many machines send them, and it might find it suspicious that the customer has forgotten her SSN and has resorted to trying every combination in quick succession. Spreading the guesses across a botnet only helps against a defense that counts failures per source address; one that counts them per account locks the account after a handful of tries. But you get the idea.
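To make the split concrete, here is an added toy model of that scenario (it is not code from the original post, and it has nothing to do with how Conficker itself worked). The "bank" is a constructed stand-in with one account, one nine-digit SSN and a lockout after a fixed number of failures; the lockout threshold, the account name and the secret are all assumed values. The one design choice it exercises is what the failure counter is keyed on: keying on the caller's network address gives every bot its own fresh budget, while keying on the account being guessed makes the bots share one budget.

```python
"""Toy model of the distributed-guessing scenario from the post.

Added example, not code from the original post or from Conficker. The
"bank" is a constructed stand-in: one account, one 9-digit SSN, and a
lockout after a fixed number of failed guesses. The only design choice
that matters here is WHAT the failure counter is keyed on.
"""

KEYSPACE = 100_000          # unknown leading five digits, given the last four
LOCKOUT_THRESHOLD = 5       # failed guesses before lockout (assumed policy)


def candidates_for_worker(worker_id, n_workers, keyspace=KEYSPACE):
    """Contiguous slice of the leading-five-digit space assigned to one bot.

    With 100,000 bots each slice is a single candidate, which is the
    "very little of any particular computer's time" in the post.
    """
    if not 0 <= worker_id < n_workers:
        raise ValueError("worker_id out of range")
    per_worker = -(-keyspace // n_workers)          # ceiling division
    start = worker_id * per_worker
    return range(start, min(start + per_worker, keyspace))


class Bank:
    """Constructed verification oracle with a failed-attempt lockout."""

    def __init__(self, account, ssn, threshold=LOCKOUT_THRESHOLD,
                 count_per_source=False):
        self.account = account
        self._ssn = ssn
        self.threshold = threshold
        # Weak setting: key failures on the caller's network address, so
        # each bot gets its own fresh budget.  Corrected setting (default):
        # key failures on the account being guessed, which every bot shares.
        self.count_per_source = count_per_source
        self.failures = {}
        self.attempts = 0

    def verify(self, account, ssn, source):
        """Return True only for a correct guess against a non-locked key."""
        self.attempts += 1
        key = source if self.count_per_source else account
        if self.failures.get(key, 0) >= self.threshold:
            return False                            # locked out
        if account == self.account and ssn == self._ssn:
            return True
        self.failures[key] = self.failures.get(key, 0) + 1
        return False


def run_attack(bank, account, last4, n_workers):
    """Every bot submits its whole slice; the attacker only sees yes/no.

    Returns (recovered_ssn_or_None, total guesses the bank saw).
    """
    for worker in range(n_workers):
        for lead in candidates_for_worker(worker, n_workers):
            guess = f"{lead:05d}{last4}"
            if bank.verify(account, guess, source=f"bot-{worker}"):
                return guess, bank.attempts
    return None, bank.attempts


def demo(last4="6789", secret_lead="54321", n_workers=100_000):
    """Run the same botnet against the weak and the corrected counter."""
    secret = secret_lead + last4                    # constructed target SSN
    weak = Bank("acct-1", secret, count_per_source=True)
    strong = Bank("acct-1", secret)                 # per-account counting
    return {
        "per_source": run_attack(weak, "acct-1", last4, n_workers),
        "per_account": run_attack(strong, "acct-1", last4, n_workers),
    }


if __name__ == "__main__":
    for mode, (found, seen) in demo().items():
        print(f"{mode:12s} recovered={found!r} after {seen} guesses")
```

With 100,000 bots and per-source counting, every bot is making its "first" attempt, so the secret falls out as soon as the bot holding that slice reports in. With per-account counting the account locks after five failures and the remaining 99,995 guesses are wasted. Run the same per-source bank against only ten bots and the attack fails too, since each bot burns its own budget after five guesses; that is exactly why a lender of many machines is worth more to this scheme than one fast one.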

What about the notion that if your computer is infected, thieves will be able to track your every keystroke and steal your secrets? Well, one can't rule anything out, but that kind of behavior doesn't fit well with the "distributed password cracking" scenario. If I'm leeching off your PC's processing power, the last thing I want to do is draw attention to myself.

I previously said there were "many, many" Conficker infections. What's "many"? The actual figure is thought to be in the millions or low tens of millions, which is large enough, but consider that there are somewhere in the high hundreds of millions of computers in use, so the infected share is on the order of one percent.
