The Enemy Within: Fascinating Article About the Conficker Computer Worm

We’re dealing with one of two things: either we’re dealing with incredibly sophisticated cyber criminals, or we’re dealing with a group that was funded by a nation-state. Because this wasn’t the kind of team that you could just assemble by getting your five buddies who play Xbox 360 and saying, ‘Let’s all work together and see what we can do.’

The Conficker computer worm has been around for about two years now. First spotted in 2008, it began to spread and by January of 2009 started causing problems in Europe: the French Navy computer network became infected, forcing aircraft at several airbases to be grounded; the UK Ministry of Defence reported the worm had spread across various administrative offices; the Manchester police computer network was infected, and disconnected from the main Police National Computer for three days.

The Enemy Within is a brilliant and fascinating read about Conficker. Writer Mark Bowden takes a very technical subject and breaks it down, in layman’s terms, so that you don’t have to be a computer security expert to understand what’s going on.

A worm works like a virus, exploiting flaws in operating systems, but it doesn’t attack once it breaks in. It generally doesn’t have a malicious payload. Exactly like the most-sophisticated viruses in the biological world, it does not cripple or kill its host. It is primarily designed to spread. The instructions that will put a worm like Conficker to work are not embedded in its code; they will be delivered later, from a remote command center.

The worm itself has some remarkable properties. It exploits a Windows vulnerability and, on infection, repairs that vulnerability so other worms cannot enter the same way. It uses highly sophisticated encryption to communicate with randomly chosen servers, from which it receives instructions and updates to its own code.

The kicker is: it’s not so much that the worm is infecting tons of computers. That’s bad in and of itself, true. But the worm is biding its time, waiting for… something. And that’s the most unsettling part.

It has been activated only once, to perform a relatively mundane spamming operation – enough to demonstrate that it is not benign. No one knows who created it. No one yet fully understands how it works. No one knows how to stop it or kill it. And no one even knows for sure why it exists.

What I don’t think has fully sunk in for me is the fact that the worm cannot be stopped. It’s sophisticated enough to essentially evolve, and has eluded some of the top security experts for nearly two years now. And with one of the worm’s most recent upgrades (switching to a peer-to-peer communication method, as opposed to checking in to a random server), it’s become impossible to accurately track how many computers have been infected.

There are tons of quotable bits in this article, and it’s an incredibly compelling and well-written piece. I’m awed and frightened in equal measure. The Enemy Within is a really gripping article, and very much a cops-and-robbers kind of read.
