posted by cmn32480 on Monday August 10 2015, @05:45AM
from the how-is-this-still-a-thing dept.

From Computerworld:

In late 2008, a worm called Conficker began infecting millions of computers, startling the computer security community into action.

Conficker's quick spread was so alarming that an organization was formed called the Conficker Working Group that was tasked with stopping the botnet and finding its creators.

Many countries also formed their own groups that worked with Internet service providers to remove infections from users' computers. But seven years later, there are still about 1 million computers around the world infected with the malware despite the years-long cleanup effort.

Researchers in the Netherlands have analyzed those efforts and tried to figure out what went right and wrong in order to guide future botnet-fighting efforts. Their research paper will be presented next week at the 24th USENIX Security Symposium in Washington, D.C.

"These people that [have computers which] remain infected -- they might remain infected forever," said Hadi Asghari, assistant professor at Delft University of Technology in the Netherlands.

Hadi Asghari, assistant professor at Delft University of Technology.

In December 2008, Microsoft patched the vulnerability in Windows XP used by Conficker that allowed remote files to be executed if file-sharing was enabled. But Conficker's worm capabilities made it surprisingly resilient, and it continued to infect computers even when researchers took over the botnet's command-and-control system.

Special efforts by individual countries to control Conficker's spread, such as in Finland, helped keep a check on it, Asghari said. Some other advanced countries, including Norway and Sweden, did not have Conficker remediation programs but still managed to keep it under control, he said.

Researchers are still monitoring Conficker-infected computers since they took over control of the botnet years ago. Asghari said his team saw more than 1 million IP addresses of infected machines calling home to a sinkhole for instructions, but it's difficult to figure out what type of machines those are and why they may still be infected.

Asghari said it's likely many computers are probably running Windows XP without automatic updates installed. It's also possible that some of them may be rarely updated or abandoned embedded systems.
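The "more than 1 million IP addresses" figure above comes from counting distinct clients that call home to the sinkhole. As an added illustration (not code from the Computerworld article or from the Delft researchers), the script below parses constructed sinkhole log lines in an assumed `<ISO timestamp> <client IP> <requested host>` format, skips malformed lines, and reports distinct client IPs per UTC day alongside the distinct total for the whole period. The two numbers differ for exactly the reason the article gives: dynamic addressing makes one host show up under several IPs over time, while NAT hides many hosts behind one.

```python
"""Count unique infected IP addresses seen by a sinkhole, per UTC day.

Added example, not from the article or the USENIX paper. The log format
(timestamp, client IP, requested host) and every sample line are
constructed assumptions for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timezone
import ipaddress

# Constructed sample log lines: one HTTP callback each, received by a sinkhole
# that answers for rendezvous domains the botnet would otherwise resolve.
# Hostnames and addresses are documentation/test ranges, not real indicators.
SAMPLE_LOG = """\
2015-08-01T00:12:03Z 198.51.100.17 example-rendezvous-1.test
2015-08-01T03:40:11Z 198.51.100.17 example-rendezvous-2.test
2015-08-01T07:05:59Z 203.0.113.8 example-rendezvous-1.test
2015-08-01T19:22:40Z 192.0.2.44 example-rendezvous-3.test
2015-08-02T01:00:00Z 198.51.100.17 example-rendezvous-1.test
2015-08-02T02:15:30Z 203.0.113.9 example-rendezvous-2.test
2015-08-02T23:59:59Z 192.0.2.44 example-rendezvous-1.test
garbage line that should be skipped
2015-08-03T10:10:10Z 203.0.113.8 example-rendezvous-3.test
"""


def parse_line(line):
    """Return (utc_date, ip_address) for a well-formed line, or None to skip it."""
    parts = line.split()
    if len(parts) != 3:
        return None
    ts, ip, _host = parts
    try:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        addr = ipaddress.ip_address(ip)
    except ValueError:
        # Bad timestamp or bad address: not a callback we can attribute.
        return None
    return when.date(), addr


def unique_ips_per_day(log_text):
    """Map each UTC date to the set of distinct client IPs seen on that day."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        day, addr = parsed
        seen[day].add(addr)
    return seen


def daily_counts(log_text):
    """Return {ISO date: number of distinct client IPs}, ordered by date."""
    per_day = unique_ips_per_day(log_text)
    return {day.isoformat(): len(ips) for day, ips in sorted(per_day.items())}


def distinct_over_period(log_text):
    """Distinct client IPs across the whole log.

    With dynamic addressing one infected host appears under several IPs, so
    this over-counts hosts; behind NAT many hosts share one IP, so it also
    under-counts. A per-day count is the more defensible population estimate.
    """
    per_day = unique_ips_per_day(log_text)
    return len(set().union(*per_day.values())) if per_day else 0


if __name__ == "__main__":
    for day, n in daily_counts(SAMPLE_LOG).items():
        print(f"{day}: {n} distinct client IPs")
    print(f"distinct client IPs over the period: {distinct_over_period(SAMPLE_LOG)}")
```

On the constructed sample the per-day counts are 3, 3 and 1 while the period total is 4, which is the gap between "IP addresses seen" and "machines infected" that the researchers say is hard to close from sinkhole data alone.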


This discussion has been archived. No new comments can be posted.
  • (Score: 4, Insightful) by Fluffeh on Monday August 10 2015, @05:57AM

    by Fluffeh (954) Subscriber Badge on Monday August 10 2015, @05:57AM (#220558) Journal

    ...may be rarely updated or abandoned embedded systems...

    So basically, military systems, hospitals and schools - bundled in with a sprinkling of grandpa&grandma computers all over the world...

  • (Score: 0) by Anonymous Coward on Monday August 10 2015, @06:02AM

    by Anonymous Coward on Monday August 10 2015, @06:02AM (#220559)

    However far-fetched the name "virus" might have been in the beginning, it has become totally appropriate. IMHO it's a good idea to apply *all* lessons from (evolutionary) biology to the field of malware.

    With anti-virus-software, we've seen the beginnings of intra-cellular immune response ... which doesn't always work and sometimes overreacts, damaging the host cell ... ehhhmmm .... computer.

    And the working group mentioned in the article is one of the first trials at an organism-wide immune system, leveraging mechanisms that were never intended for defensive actions (BTW: the viruses are doing the same, of course).

    For the future, expect more such groups, and different other ones. Expect macrophage-similar groups and T-cell-similar groups. Expect unbelievably infectious viruses and inefficient ones. Expect deadly pandemics, reaping helpless computers by the millions.

    And do expect auto-immune sicknesses. Lots of them, and deadly ones, until this ecosystem's evolution has figured out the fine balance between "not enough" and "too much".

    Need AV ideas? Read biology books. Prepare to be frightened.

    • (Score: 0) by Anonymous Coward on Monday August 10 2015, @06:14AM

      by Anonymous Coward on Monday August 10 2015, @06:14AM (#220563)

      Need a degree in evolutionary biology? Study computer viruses :-)

    • (Score: 0) by Anonymous Coward on Monday August 10 2015, @07:23AM

      by Anonymous Coward on Monday August 10 2015, @07:23AM (#220574)

      On the other hand, much of immunology could consist of misinterpreted and filtered data that has been molded to fit human preconceptions. Afaict measuring the collective opinion is what nhst accomplishes. In that case, the ideas for computer virus and defense behaviors are simply originating from the same place.

      Really, name one accurate and precise prediction made by an immunologist. It may exist but none come to mind.

    • (Score: 2) by TheRaven on Monday August 10 2015, @08:35AM

      by TheRaven (270) on Monday August 10 2015, @08:35AM (#220587) Journal

      However far-fetched the name "virus" might have been in the beginning, it has become totally appropriate.

      No it hasn't. Computer viruses are still almost completely unlike biological viruses in every way.

      --
      sudo mod me up
      • (Score: 0) by Anonymous Coward on Monday August 10 2015, @09:51AM

        by Anonymous Coward on Monday August 10 2015, @09:51AM (#220607)

        Not to mention that (as the summary correctly states) Conficker is a worm, not a virus. While there's a trend to use "virus" for about any type of malware, I think it is still worthwhile to make some differences. A worm can infect an uninfected vulnerable system even if it is left alone doing nothing but its normal operation. A virus, on the other hand, always needs some user interaction, be it starting an infected executable, opening an infected attachment, surfing an infected web site, inserting an infected data storage medium, …

        • (Score: 2) by TheRaven on Monday August 10 2015, @12:16PM

          by TheRaven (270) on Monday August 10 2015, @12:16PM (#220642) Journal
          That's not quite true. A worm is self replicating malware, a virus is malware that embeds itself in another piece of code. Malware can be both a virus and a worm, and a lot of the high-profile viruses have also been worms, which is probably where the confusion comes from.
          --
          sudo mod me up
  • (Score: 0) by Anonymous Coward on Monday August 10 2015, @07:10AM

    by Anonymous Coward on Monday August 10 2015, @07:10AM (#220573)

    Everything from the question mark onward is just noise.
    If something quasi-useful was to be tacked onto the base URL, that would be #drr-container (for people using text-only browsers or screenreaders).
    N.B. ComputerWorld's use of HTML accessibility features is just pitiful.

    ...and is there a reason that the editors aren't substituting link text for URLs?

    -- gewg_

  • (Score: 2) by aristarchus on Monday August 10 2015, @07:47AM

    by aristarchus (2645) on Monday August 10 2015, @07:47AM (#220577) Journal

    Yes, terrible! How could a major Operating System Vendor allow such a vulnerability to go on for so long? But I don't care. Micro&+$oft free since 1995. Oh, I still should be worried? About the minuscule number of Linux vulnerabilities that occur every year? Oh, yes, I hear you and am quite vigilant. Better than looking out for a virus from eight years ago on an obsolete operating system based on discs.

    • (Score: 0) by Anonymous Coward on Monday August 10 2015, @02:18PM

      by Anonymous Coward on Monday August 10 2015, @02:18PM (#220689)

      You mean the bug they fixed 6+ years ago? Would you feel just as gloating for someone running say a linux 2.4.3 install today and they got infected with something?

      Are you *sure* all your linux installations are patched up? I have 3 that I do not plug into the network anymore because the OEM will never patch it again. Remember all of these installs out there have old OpenSSL stacks or old DNS servers baked in. Both of which have known root escalation bugs in them.

      This is just simple neglect. You will start to see it more and more with linux appliances in the future.

  • (Score: 1) by o_o on Wednesday August 12 2015, @09:50AM

    by o_o (1544) on Wednesday August 12 2015, @09:50AM (#221632)

    Asghari said it's likely many computers are probably running Windows XP without automatic updates installed.

    Because this cures all disease, especially in the various windows flavors. And this guy is assistant professor to what exactly?