Security researchers continue hunt for Conficker authors
Source: SearchSecurity
Attack in progress detects website errors and injects malicious scripts.
There are several ongoing investigations attempting to find the authors of the Conficker botnet, one of the fastest spreading worms in history, but those responsible for the worm have proven elusive.
Security expert Mikko Hyppönen, chief research officer at F-Secure Corp., said he is aware of several ongoing investigations, but was asked specifically not to leak details about them. He said investigators have to be especially careful not to leak information because security researchers have determined that the cybercriminals behind Conficker are staying informed.
"They proved over and over that they are watching and will react to what's going on," Hyppönen said.
Hyppönen is a member of the Conficker Working Group, a consortium of security researchers, registrars, ISPs and law enforcement. The group continues to monitor the botnet for signs of life, but so far they haven't heard a peep out of the remaining several million infected zombie machines.
Conficker emerged in October 2008 and quickly infected up to 10 million machines, according to some estimates, before the security industry combined forces to defeat its communication network, effectively blocking the pathway each zombie machine used to seek orders from its controller.
Researchers are taking the worm's code apart piece by piece to try to find clues to where it originated. Meanwhile, law enforcement is involved, helping researchers track down IP addresses and the individuals connected to a specific DHCP pool, a collection of IP addresses that are part of a specific wireless network.
Microsoft is offering a $250,000 reward for information leading to the arrest and conviction of the Conficker authors. The technical Internet connection trail has plenty of missing pieces, said Joe Stewart, director of malware research at SecureWorks Inc. The bots researchers have been following have not been used, he said.
Law enforcement is waiting for a money trail to follow, but as the investigation grows older, it's becoming increasingly unlikely that anyone will be prosecuted for Conficker, Stewart said. The few clues that investigators have been able to glean are prompting experts to believe the authors can be traced to a former Soviet bloc country.
DBAPPSecurity Inc, 2006-2010 www.dbappsecurity.com