(Credit:
Wikipedia)
Updated at 9:13 p.m. PDT with information provided by BKIS stating that its free version of BKAV antivirus software can remove the worm from any infected computer.
There's been a lot of fuss about the Conficker worm. And here's the a $250,000 question: what is the origin of the virus?
$250,000 is the amount of money Microsoft is putting up as a reward for any information leading to an arrest related to the case. Folks at BKIS, a Vietnamese security firm that makes the BKAV antivirus software, announced Monday that they found clues that the virus may have originated in China. Previously, there were rumors that it might have been from Russia or Europe.
The firm's conclusion is based on its analysis of the virus' coding. It found that Conficker's code is closely related to that of the notorious Nimda, a virus that wreaked havoc on the Net and e-mail in 2001. At that time, BKIS determined that Nimda was made in China, based on the firm's own data.
It's important to note that the origin of Nimda was never verified. Though Nimda contained text indicating that it may have originated from China, that is in no way hard evidence.
... Read more
Warning: disturbing a war memorial can provoke all out cyber war--at least in Estonia. On April 27, 2007, Estonia officials relocated the "Bronze Soldier," a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis, a move that incited rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow. It also started a large and sustained distributed denial-of-service attack on several Estonian Web sites, including those of government ministries and the prime minister's Reform Party. A denial-of-service attack (DoS) occurs when someone directs a large number of requests to a target URL; the requests occur so quickly that the Web server can't respond and the site becomes inaccessible to everyone. A distributed denial-of-service attack (DDoS) occurs when hundreds or thousands of compromised computers are enlisted. Within the last week, the intensity of the attacks diminished.
Arbor Networks' Jose Nazario has now blogged his analysis of the Estonian DDos attacks. He reports that Arbor Networks recorded 128 unique DDoS attacks on Estonian-based URLs. Most lasted less than one hour, with the longest lasting 10 hours and 30 minutes. As for the strength, measured in how many packets of information flooded the given URL to make it inaccessible, the attacks were relatively light, with only ten of the attacks measuring 90-plus Mbps, including one of the 10-hour attacks. At its peak on May 9, the attack shut down up to 58 sites at once.
That's a lot of fire power, and it suggests the use of "botnets"--collections of compromised home and office computers worldwide. In this scenario, a "botherder" directs thousands of compromised computers to request simultaneous access to a single URL, effectively shutting down that site. Computer Security Incident Response Teams (CSIRTs) in several countries, as well as NATO, have assisted the Estonian government in handling the attacks. Early analysis suggests the attacks may have originated in Russia.
- prev
- 1
- next
