Is Conficker from China?

By | March 29, 2009, 9:50pm PDT

So, hot on the heels of my last post, reporting that researchers have pinpointed in China the control centers of a massive spy network they dubbed GhostNet, I see this brief from Cnet’s Dong Ngo.

Ngo reports that the Vietnamese security research firm BKIS has determined that the Conficker virus originated in … wait for it … China.

The firm’s conclusion is based on its analysis of the virus’s code. It found that Conficker’s code is closely related to that of the notorious Nimda, a virus that wreaked havoc on the Net and e-mail in 2001. At that time, BKIS determined that Nimda was made in China based on the firm’s own data.

It’s important to note that the origin of Nimda was never verified. Though Nimda contained text indicating that it may have originated from China, this is in no way hard evidence.

Details on protecting yourself from Conficker are in Dong’s article. BKIS has free antivirus software to protect you.

Biography

Richard Koman

Richard Koman is an attorney admitted to practice in California. As a technology writer since the mid-1980s, Richard Koman has documented the role of computing in the transformation of the graphic arts, the growth of the Web and the birth of the peer-to-peer phenomenon. He worked as a book and web editor for O'Reilly Media throughout the 1990s, editing several influential websites and numerous best-sellers. As a lawyer, as well as a tech writer, he brings a unique perspective to the blog's intersection of law, government and technology.

10 Comments

Wrong "net"?
Gis Bun 30th Mar 2009
Sure you got the right "net"? News in Canada said that they found a virus/worm that is specifically infecting systems from diplomats, ambassadors and others and in particular in those countries that border China.

China has of course denied any involvement. The Dali Lama's [sic?] systems have been infected.

Reports state that the Conficker worms are originating from eastern Europe - where countries there don't seem to care what their citizens do.
0 Votes
What a load of rubbish!!
techboy_z 30th Mar 2009
"Reports state that the Conficker worms are originating from eastern Europe - where countries there don't seem to care what their citizens do."

Right...they've come out from under the oppressive Soviet regimes and have swung completely the other way to total anarchy? I don't think so. Like Germans, many Eastern Europeans I know are very concerned with order and precision in their undertakings. They are enamored with freedom and capitalism now, but have not totally abandoned a sense of order and law -- rather, they have a sense of what its appropriate boundaries are. Unlike the new U.S. administration, which has now taken to deciding when CEOs should leave companies.
0 Votes
RE: Is Conficker from China?
hausdok@... 30th Mar 2009
I think they might be barking up the wrong country. The word "fick" is short for the verb "ficken" in German and means to "F*ck" someone in English. I'd be looking to Germany for the fingerprints for this one.

M. OHandley, Kenmore, WA
0 Votes
Virus Names
sboverie 30th Mar 2009
Your etymology is good but I think that the viruses are named by the AV researchers. Symantec calls Conficker "Downadup".

I read the blog on Symantec's site about this trojan and the group that put it together are very organized. I would suspect government/military resources behind it. The blog has maps and charts but no real culprits.
0 Votes
RE: Is Conficker from China?
kumvinod@... 30th Mar 2009
It is quite likely that it must have been from China.. Coz Chinese are the largest exporters of Malware apart from toys
0 Votes
RE: Is Conficker from China?
fanjet@... 30th Mar 2009
probably is - but whoever writes these things would want to be watching their backs.
0 Votes
where it's from?
butterman.b 30th Mar 2009
The only 2 times that it has been seen (via IP traces) "in the wild" attempting to communicate, were from the area around Kiev and once from Brazil. I believe the attempt from Brazil was a redirect and that leaves Kiev. Remember the A variant would suicide out if you had a Ukrainian keyboard. BB
0 Votes
Who cares?
epcraig 30th Mar 2009
As of today I cannot care less now that I have confirmation that it's a Windows exclusive problem and therefore I can have no effect on its resolution.
Gotta love somebody else's problem.
0 Votes
Long live Linux!
hasta la Vista, bah-bie 31st Mar 2009
Yeah! grin
0 Votes
Already known
kokuryu 28th Apr 2009
This was already known from way back in January. They tracked the original and the revised versions of Conficker coming straight from China - and verified it already. Who in China? Considering that it has infected a LARGE portion of the world's governments' computers, I would not put this past being a government operation.
