Giant Internet worm set to change tactics April 1
03/30/2009 4:12:49 AM
By JORDAN ROBERTSON AP Technology Writer
The fast-moving Conficker computer worm, a scourge of the Internet that has infected at least 3 million PCs, is set to spring to life in a new way on Wednesday - April Fools' Day.
That's when many of the poisoned machines will get more aggressive about "phoning home" to the worm's creators over the Internet. When that happens, the bad guys behind the worm will be able to trigger the program to send spam, spread more infections, clog networks with traffic, or try and bring down Web sites.
Technically, this could cause havoc, from massive network outages to the creation of a cyberweapon of mass destruction that attacks government computers. But researchers who have been tracking Conficker say the date will probably come and go quietly.
More likely, these researchers say, the programming change that goes into effect April 1 is partly symbolic _ an April Fools' Day tweaking of Conficker's pursuers, who for now have been able to prevent the worm from doing significant damage. "I don't think there will be a cataclysmic network event," said Richard Wang, manager of the U.S. research division of security firm Sophos PLC. "It doesn't make sense for the guys behind Conficker to cause a major network problem, because if they're breaking parts of the Internet they can't make any money."
The AP story doesn't identify the hackers, but CBS News Interactive, covering the same story, quotes an expert who says that most of them are young, anti-US Russian men.
Don Jackson is a hacker hunter. He is director of threat intelligence at SecureWorks in Atlanta, which protects corporations against cyber-attacks and tracks the hackers who launch them.
"Part of my job is to know the enemy, to know our adversaries," he explained.
To Jackson, the enemy is a hacker. "An enemy is somebody who wants to use computers to hurt somebody else or to make money for themselves.
"Using an assumed name, "Gozi," Jackson infiltrates chat rooms where hackers sell their worms and viruses to their clients: other hackers. He asks for a demo so his company can create software to disable the malware. The hackers, he says, are typically young, male and often from Russia.
Asked how he tracks them down, Jackson said, "Well, they're like any other business. They have to advertise to get clients."As Jackson explains, these brazen hackers do this openly on the Internet. "Unfortunately they're all too easy to find," he said. He says many Russian hackers are in cyber-gangs that display fascist symbols, like a Swastika and anti-American artwork. They boast about all the dollars they've stolen from the rich Americans. A single hacker can make $30,000 a month and be championed in local newspapers.
"There's an example recently where two boys were arrested actually and then let go the next day, but the article in the newspaper wasn't that they were arrested and that they committed a crime, but saying: 'Look at our two local boys made good. They've cheated some greedy Westerners out of so much money,'" Jackson explained.
"They're heroes," Stahl remarked.
"They are," he agreed. "And it's bringing money into the local economy.
"Russian authorities tend to look the other way, which explains why members of the cyber gangs have no fear. They even show their faces on the Internet.
One of the hackers, who calls himself "Tempest," is just 14 years old and working fulltime. "So he can't legally drive a car and he can't join the army, but he can hack into banks and siphon money out," Jackson remarked.
It's not known who's behind the computer worm Conficker, whether it's a gang of Russian hackers or some solitary evil genius. This worm is wily - it keeps mutating. Security software companies have been kept very busy.
Anybody know more about what we should expect on Wednesday, if anything?