Conficker – One Year After (Part Three)
EPISODE THREE
What to expect next?
Ultimately, Conficker acts like any botnet. Botnet is a coined term derived from "robot network". A botnet can be understood as a collection of malicious software robots (abbreviated "bots") that run different kinds of computer applications, controlled by the owner or the disseminator of the software robot source, on a group of compromised computers, usually connected to the Internet.
From this point of view we can only expect the worst, as described below:
Corruption of Defensive System
The most dangerous aspect of a Conficker infection is that it completely neutralizes defensive systems. In other words, any infected machine has a huge security hole that can be exploited at any time from now on. It is like having a house with the door wide open all the time, even when you sleep, go to work or are on vacation.
Distributed Denial of Service
A botnet can be used as a tool to completely paralyze other computers over the Internet through what is known as Distributed Denial of Service (DDoS). The botnet attacks a network or a computer system to disrupt service, either by cutting off connectivity or consuming the victim network's bandwidth, or by overloading the resources of the victim's computer system. This can prevent access to a particular Web site for a long period of time, which, for companies that operate on the Web (and not only for them), might lead to total isolation.
Pay-per-Click Systems Abuses and Frauds
Botnets can be used to engage in click abuse and fraud. The bot is used to visit a specific Web page and/or automatically "click" on the advertisement banners. The purpose is to obtain financial gain by automating visits and/or clicks on a pay-per-view or pay-per-click system (in effect cheating the online advertising companies that pay a sum of money for each visit or click on that page, like Google AdSense).
Key Logging, Traffic Monitoring and Mass Identity Theft
Many bots watch keyboard activity and report the keystroke stream to their owner. Some bots have features to look for visits to particular Web sites where passwords or bank account information are entered. With a filter program, the bot owner can extract only the keyboard sequences typed before or after words like "PayPal" or "Credit Card". This allows cybercriminals to gain access to personal information and accounts belonging to thousands of people.
Spamming
The drones in a botnet can be used to harvest e-mail addresses and/or send or forward a huge number of messages to other computers. For instance, this was the case with a mass-mailing spam campaign at the end of 2007, promoting Ron Paul's candidacy in the 2008 US presidential election.
How can we protect ourselves?
The following five simple rules should be enough to keep you away from any upcoming disaster:
- Check with your operating system provider on a regular basis - download and install the latest security updates, malware removal tools, as well as other patches or fixes.
- Install and activate a reliable, password-protected antimalware, firewall, spam filter and parental control solution, like those provided by BitDefender.
- Update your antimalware, firewall and spam filter as frequently as possible, with the latest virus definitions and signatures for suspicious applications and files.
- Scan your system frequently.
- Stay informed about e-threats and security.
If your system has been infected, there is still hope. Go to http://www.bdtools.net/, download the Downadup Removal Tool, follow the instructions and clean your system. Ideally, once you have eliminated Downadup from your machine, you should patch your OS with the latest updates, then install and activate an antimalware suite.