The Conficker worm's evil genius.

March 30 2009 5:20 PM

The Worm That Ate the Web

The latest version of Conficker isn't the first bot to plague the Internet, but it may be the smartest and most sophisticated. And it starts phoning home Wednesday.

(Continued from Page 1)

But you might spot a couple of obvious flaws in this rendezvous mechanism. First, if Conficker is calling up domain names, can't anyone—especially other bad guys—monitor which sites it's connecting to and then upload their own software for Conficker's infected machines to run? Conficker's authors worried about that, too, and cooked up a brilliant counter-mechanism. The worm uses one of the world's most advanced cryptographic algorithms to check all files it downloads from one of those domains; if it doesn't find a digital fingerprint from its authors, Conficker won't run the program.

The second flaw: Can't the Internet's authorities just make sure that no one registers the domain names that Conficker is checking, thereby preventing anyone from sending the worm its marching orders? Indeed, they can. In February, the worldwide team of computer security groups who've been fighting Conficker—the self-dubbed Conficker Cabal—announced that they'd worked out a way to determine the pre-generated list of domains that Conficker would connect to. Eventually the cabal got registrars around the world to prevent people from registering those sites.
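The defensive use of a predictable domain list, as an added example (not code from the article or from the Conficker researchers): once the date-seeded list can be computed in advance, the same list that drives registration blocking can be matched against resolver logs to find infected clients, which goes one step beyond what the paragraph above describes. The generator is a toy stand-in, not Conficker's algorithm; the function names, log format, sample date and addresses are assumptions, and all generated names use reserved TLDs.

```python
import hashlib
from datetime import date, timedelta

# Reserved TLDs (RFC 2606) so nothing generated here can resolve.
TLDS = ("example", "test", "invalid")

def predicted_domains(day, count=250):
    """Toy date-seeded generator: a stand-in, NOT Conficker's algorithm."""
    names = set()
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[8] % 4
        label = "".join(chr(ord("a") + b % 26) for b in digest[:length])
        names.add(f"{label}.{TLDS[i % len(TLDS)]}")
    return names

def build_watchlist(center, window=1):
    """Map each predicted domain to its generation date, covering
    center +/- window days to tolerate wrong clocks on infected hosts."""
    watch = {}
    for offset in range(-window, window + 1):
        day = center + timedelta(days=offset)
        for name in predicted_domains(day):
            watch[name] = day
    return watch

def flag_clients(log_lines, watch):
    """Return {client_ip: [(domain, generation_date), ...]} for watchlist hits."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:                 # skip malformed records
            continue
        _ts, client, _qtype, qname = parts
        name = qname.rstrip(".").lower()    # normalise case and trailing dot
        if name in watch:
            hits.setdefault(client, set()).add((name, watch[name]))
    return {c: sorted(v) for c, v in hits.items()}

def constructed_log(day):
    """Constructed sample resolver log: timestamp, client, qtype, qname."""
    today = sorted(predicted_domains(day))[0]
    stale = sorted(predicted_domains(day - timedelta(days=1)))[0]
    return [f"{day}T00:03:11Z 10.0.0.23 A {today.upper()}.",
            f"{day}T00:03:12Z 10.0.0.41 A www.example.org",
            f"{day}T00:04:02Z 10.0.0.57 A {stale}",
            "truncated-record"]

if __name__ == "__main__":
    d = date(2009, 4, 1)  # sample date
    print(flag_clients(constructed_log(d), build_watchlist(d)))
```

The watchlist spans the day before and after because an infected machine with a wrong clock queries another day's list; the client at 10.0.0.57 in the constructed log is caught only because of that window.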

But that's when researchers spotted the newest Conficker variant, which includes a much-improved updating plan. Instead of generating a list of hundreds of domains, Conficker C creates a new list of 50,000 Web sites to contact every day. Although the Conficker Cabal is trying to prevent registrations on all these domains, registrars around the world will have a much more difficult time monitoring this huge, shifting number of sites. But that's not all: The latest version of Conficker has a completely new way to coordinate the botnet's operations. Rather than contacting domain names, infected machines can band together in a massive peer-to-peer network. This way, each machine can efficiently pass files to its peers in something like the way your high-school orchestra used a phone tree to pass along next week's rehearsal change (or, to get more technical, in the same way people trade movies online via BitTorrent). We've seen peer-to-peer botnets before; in 2007, one of them, the Storm Worm, brought down several anti-spam Web sites. A peer-to-peer-enabled botnet as sophisticated as Conficker would be very difficult to thwart; if it worked well enough, it could well be impossible to shut down.

Who created Conficker? Like much else about the worm, it's completely unknown. Initial speculation settled on Eastern Europeans. The first version of Conficker included code designed to keep Ukraine free of the worm. (If it detected a Ukrainian keyboard, it shut down.) But successive versions have been free of that code. On Sunday, BKIS, a Vietnamese computer security firm, announced that it had found clues in the worm suggesting it was created in China. In February, Microsoft put up a $250,000 reward for any information leading to the arrest and conviction of people responsible for creating Conficker.


But whoever they are, they sure are dangerous. "We must also acknowledge the multiple skill sets that are revealed within the evolving design and implementation of Conficker," wrote security experts at the research group SRI International in a report last week. The researchers added: "Perhaps an even greater threat than what they have done so far, is what they have learned and what they will build next."

But Conficker is also important for what it portends about the inherent difficulties of living in a networked age. Worms feed on bugs—holes in the ever-more-complex operating systems and Web browsers where we live most of our online lives. And because we're never going to get rid of these bugs, bad guys will always be able to find a way in. It's just that now, with the entire Internet as their playground—and with the power to harness all their infected machines into a thinking network—they can cause tremendous harm. Conficker could fizzle. But you can bet that someday, something very much like it will cause a lot of pain.


