Conficker Working Group claims that people are still being infected

News by Dan Raywood

The Conficker worm is still actively infecting users, yet its creators are still unknown.

The Conficker worm is still actively infecting users, yet its creators are still unknown.

According to a report by PCAdvisor, Conficker Working Group member and researcher Jose Nazario said that it is still working to try to find Conficker's master. He said that the problem is that the botnet's operators have stayed away from Conficker and not tried to reclaim it, a welcome development, but one that leaves researchers with a lack of fresh electronic leads.

Nazario said: “Well, we sort of won in that regard. They had to walk away from it. On the other hand, if they're not interacting with it, there's no more evidence coming in.

“It feels like a stalemate. It feels like we're kind of in a holding pattern but there's still effort that goes into it.”

He claimed that Conficker used a private key to sign encrypted updates, and if that key were to be found, it would represent the needed crucial evidence but this has not come to light so far.

Nazario said that the group is still interacting with sinkhole operators, top-level domain operators and ICANN, while the malware remains on autopilot, taking advantage of vulnerable computers and proving to be a long-term nuisance.

Joona Airamo, CISO of Stonesoft, said: “Conficker is a well-made piece of code, signifying that the programmer was not an amateur. With the collateral damage being far greater than what the creator may have intended, it could have been an attack gone wild – even more reason for someone to not what to come forward.”

Microsoft announced a $250,000 reward for information that resulted in the arrest and conviction of those responsible for the Conficker malware in 2009.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews