Whatever Happened To The Conficker Virus?

Though it's been out of the headlines for some time, the Conficker virus is alive and well. Researchers say it appears the virus has kept working despite little if any attention from its creators.

According to Mikko Hypponen of F-Secure, one of the firms investigating the virus, there are still more than 5.5 million computers infected by Conficker, with Brazil, Vietnam and China particularly affected. That may be because computer owners there are less likely to be able to afford security software and more likely to be running pirated copies of Windows which are less likely to update Microsoft's security updates.

Security Experts Suspect Ukraine Connection

As part of his address to a major security conference, Hypponen voluntarily chose to keep some key details of investigations quiet to avoid tipping off the virus creators and potential imitators.

He did reveal that many security experts believe Conficker's creators are based in the Ukraine. That's because it closely resembles a previous virus whereby the owners avoided spreading it in the country so that they couldn't be charged with a local crime. (Source: computerworld.com)

Conficker One Step Ahead

Hypponen talked at length about Conficker's sophistication. It's specially designed to shut down one of the key tools security researchers use to track a virus's movements. And it throws researchers off the scent by encrypting its communications with the MD6 algorithm, one of the most advanced encryption techniques available. Conficker appears to be one of the first computer systems (legitimate or otherwise) to use it.

Roel Schouwenberg, a senior researcher at Kaspersky, gave more insight into Conficker's creators. He told Internetnews.com that the authors appear to have abandoned the virus for now, but the way the network of infected machines is set up means it is able to continue spreading and replicating by itself.

One of the key goals for the security community at the moment is making sure that other criminals are not able to seize command of the network. (Source: Internetnews.com)