Predictions made that Conficker will continue to dominate malware and botnets into 2010 as new malware uses copycat tactics

News by Dan Raywood

The Conficker effect will spread into 2010 with the worm still present and new malware using the same techniques.

Rodney Joffe, senior vice president and senior technologist of Neustar and a director of the Conficker Working Group, claimed that the problem will exist through the next few weeks and into the New Year as ‘it does not respect holidays’.

Joffe said: “It continues to grow and keeps occurring but it is not being reported. This is maybe something we need to look at, it may not have done very much and we are no closer to being able to stop this thing but the more we know then the more it becomes apparent for us to detect it.”

He also claimed that, as the first anniversaries of the variants are marked, the problem is still occurring ‘and it really is a pretty miserable anniversary’.

Joffe said: “We will see over the next year and the last couple of months that new malware uses the same techniques and the next thing is that it is using modern encryption and it is oscillating two levels and fast flex domain names.

“The latest thing is that it is using dynamic numbers – if ‘C’ number uses the closing number of the Dow Jones index then you begin counting until it is closed and then get that out to the owners of the registrations, it is impossible. They are now using it in relation to Facebook and that is publicly available to everyone.”

He said that the fight against such malware is an arms race that will continue into next year, and there is a need to look at the cybercriminal fundamentally and decide how to stop them in the first place.

“We need to fight a tremendous fight and think about how to engage in dealing with cyber security. Conficker did not have to do anything to do with security as you just needed to turn the computer on, that is a problem as it is becoming more and more connected as more people are using the internet for critical actions,” said Joffe.

Paul Wood, MessageLabs intelligence senior analyst at Symantec, said that Conficker has plenty of potential as it has got a lot of computer power behind it, particularly as some of the largest spamming botnets do not have more than two million computers under control.

Wood said: “It will be interesting to see what it will do as we have seen similar Trojans being used to drop malware, spyware and rogue anti-virus, whatever as long as it is used for as long as they get money.

“It is still early days with Conficker, we are still waiting to see if it will come to life. We will see more genuine droppers with more flexibility and with more of an agenda to do a denial-of-service or drop malware and if they are being paid it is easy money.”

