TMCnews Featured Article

Back in 2003, Microsoft (News - Alert) established a reward program with a $5 million war chest to encourage people to capture renegade programmers of computer viruses and worms. In 2005 Microsoft paid out to two people $250,000 who helped finger 18-year old German computer science student Sven Jaschan from Rotenburg, Lower Saxony, the creator of the Sasser worm — so named because it spreads by exploiting a buffer overlow in the LSASS (Local Security Authority Subsystem Service) component of Windows XP and Windows 2000 operating systems — who was ultimately arrested and sentenced by the German authorities.

 

Microsoft also offered rewards of $250,000 concerning three other computer worm threats known as Blaster, MyDoom and Sobig worms, but the masterminds behind those have never been caught.

 

And now, partly because the world has not seen a worm outbreak of this type since 2004, and for the first time in four years, Microsoft is offering a reward of $250,000 to anyone who can uncover who is behind the Conficker worm. Conficker, also known as Downup, Downadup and Kido, first appeared in October 2008, targeting and infecting millions of Microsoft Windows operating systems-based PCs. The worm exploits a known vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. Linux and Macintosh systems are unaffected.

 

The name “Conficker” is a German pun, meaning “program that manipulates the configuration,” and pronounced like the English word “configure.” “Configuration” is typically abbreviated “config.” Conficker is constructed from the first five letters of “configuration,” while adding four letters to the end so as to end with “ficker”, a vulgar nominalized form of the German transitive verb ficken, which is common German for the English “f**k” (if you know what I mean).

 

It infects PCs either through a net connection or hitching a ride on USB memory sticks. It gets a surprising amount of mileage by simply guessing some of the less complex usernames and passwords. Upon self-installation, it can seteal data or sieze control of a PC and turn it over to hacker/creators as part of a group of machines known as a “botnet.”

 

The original hacker/creators receive information from the virus when it “reports in” via a visit to a we domain. The Conficker worm also self-replicates in networks of computers that don’t have a reasonably updated set of Windows security patches, in particular Microsoft’s MS08-067 patch, also known as KB958644.