ICANN is leading the white hats in an "extraordinary behind-the-scenes struggle" against the forces behind the Conficker malware, John Markoff reports in the Times. Dancho Danchev noted:
Among the key innovations of the Conficker worm (W32.Downadup) was the pseudo-random domain generation algorithm used for the generation of dynamic command and control locations in order to make it nearly impossible for researchers and the industry to take them down.
The impressive botnet has coalesced global security experts into the so-called Conficker Cabal.
“I walked up to a three-star general on Wednesday and asked him if he could help me deal with a million-node botnet,” said Rick Wesson, a computer security researcher involved in combating Conficker. “I didn’t get an answer.”
Think of Conficker as a botcloud.
The Conficker program is built so that after it takes up residence on infected computers, it can be programmed remotely by software to serve as a vast system for distributing spam or other malware.
In the first week of March, the fourth known version of the program, Conficker C, expanded the number of the sites it could use to 50,000. That step made it virtually impossible to stop the Conficker authors from communicating with their botnet.
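To make the takedown arithmetic behind the domain generation algorithm and the jump to 50,000 domains a day concrete, here is an added example that is not from the Times article, the SRI report, or any Conficker analysis: a constructed date-seeded generator that stands in for a DGA (not Conficker's actual algorithm) and the probability that a bot reaches a name the botmaster actually registered. The number of lookups each bot makes per day (500) and the constructed date are assumptions; the million-node figure comes from the quote above.

```python
import hashlib
from math import comb

# Constructed parameters (not from the article): names generated per day and
# how many of them each infected host is assumed to look up.
DOMAINS_PER_DAY = 50_000
LOOKUPS_PER_BOT = 500       # assumption; the article gives no per-bot figure
BOTNET_SIZE = 1_000_000     # "a million-node botnet", per the quote above


def candidate_domains(day: str, count: int, secret: bytes = b"constructed-seed") -> list:
    """Toy date-seeded generator standing in for a DGA (NOT Conficker's algorithm).

    The output depends only on the date string (e.g. "2009-03-20") and a fixed
    secret, so anyone who has reverse-engineered the generator can precompute
    tomorrow's list and register or sinkhole the names first. That is the
    defenders' lever, and it scales linearly with the daily count.
    """
    names = []
    for i in range(count):
        digest = hashlib.sha256(secret + day.encode() + i.to_bytes(4, "big"))
        names.append(digest.hexdigest()[:12] + ".example")
    return names


def botmaster_reach(total: int, live: int, lookups: int) -> float:
    """Probability that a bot's `lookups` distinct random picks out of `total`
    candidates include at least one of the `live` names the botmaster registered.

    Exact hypergeometric: P(miss all) = C(total - live, k) / C(total, k).
    """
    lookups = min(lookups, total)
    miss = comb(total - live, lookups) / comb(total, lookups)
    return 1.0 - miss


def defender_daily_workload(total: int, already_registered: int) -> int:
    """Names defenders must still register today to deny the botmaster every option."""
    return total - already_registered


if __name__ == "__main__":
    day = "2009-03-20"  # constructed date
    print(len(candidate_domains(day, 250)), "candidate names for", day)
    # Few names, each bot tries all of them: one live name reaches every bot.
    print("reach, 250 names, bot tries all:", botmaster_reach(250, 1, 250))
    # 50,000 names with 500 lookups: one live name reaches about 1% of bots,
    # which on a million-node botnet is still roughly 10,000 machines per day.
    r = botmaster_reach(DOMAINS_PER_DAY, 1, LOOKUPS_PER_BOT)
    print(f"reach, 50k names, 1 live: {r:.4f} -> ~{int(r * BOTNET_SIZE)} bots")
    # ...while defenders must register every name, every day, to block it fully.
    print("defender registrations needed today:", defender_daily_workload(DOMAINS_PER_DAY, 0))
```

The asymmetry is the point: the botmaster needs one of the 50,000 names to resolve, while the defenders need all of them, across every TLD in use, before each day begins.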
“It’s worth noting that these are folks who are taking this seriously and not making many mistakes,” said Jose Nazario, a member of the international security group and a researcher at Arbor Networks, a company in Lexington, Mass., that provides tools for monitoring the performance of networks. “They’re going for broke.”
Not just a botcloud but one with very real national security implications, Phillip Porras, a research director at SRI International and one of the authors of a report on the virus, told the Times.
Perhaps the most obvious frightening aspect of Conficker C is its clear potential to do harm. Perhaps in the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft. In the worst case, Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt not just countries, but the Internet itself.