The Conficker worm has been stepping up its activities, with reports of distributed denial of service (DDoS) attacks on a number of Russian websites.
David Harley, director of malware research at ESET, working with researchers from Arbor Networks, claimed that a Russian newspaper is stating that attacks on tonks.ru, roem.ru and others are evidence of Conficker stepping up its activities.
Harley said: “We've seen no evidence that any of these attacks are Conficker related, and in fact, at least one of them definitely isn't (another botnet is known to be responsible for the attack on tonks.ru).
“Russia does seem to have a lot of Conficker-infected machines, but that doesn't mean they'd be used for attacks in Russia. In fact, some recent malware (including the earliest version of Conficker) has avoided using machines in certain countries (Ukraine, in the case of W32/Conficker.A), probably to avoid law enforcement-related complications.”
He claimed that if the Conficker botmasters did decide to launch a DDoS attack against a specific site or sites, it could be very effective, although it is a mistake to assume, as some have, that the only likely use for a large botnet is to launch huge denial of service attacks.
Harley said: “In fact, it probably makes more sense to use comparatively small groups of compromised machines, making it harder for the good guys to trace which machines are in use at any one time and take some sort of remedial action.
“Still, people like the idea of a dramatic, even apocalyptic event, and the idea has resurfaced that the Conficker botnet will be used for a massive attack on the internet itself. I think that's unlikely. Bringing down huge tracts of the net would probably not offer much in the way of profit.”