
Does anyone remember Conficker, the virus/Trojan that had its sixty seconds of fame several weeks ago when it seemingly had everyone with a computer paralyzed about the arrival of April Fools Day? Did any of you readers have any difficulties that day? My guess is that it passed as mine did, uneventfully.
So let us remember the dire warnings that had some people afraid to use the Internet on April 1.
The Warnings
Stories about Conficker have appeared in the technology press since at least last year. Last November reports appeared that noted Microsoft had been observing an increase in the spread of a new Windows worm. By the beginning of this year the story had broken out into the mainstream media. Fox News did a January story that began in bold type:
A computer virus that may leave Microsoft Windows users vulnerable to digital hijacking is spreading through companies in the U.S., Europe and Asia, already infecting close to 9 million machines, according to a private online security firm.
With the announcement that Conficker was programmed to do something nasty on April 1, the worm achieved total news saturation. On March 30, Farhad Manjoo wrote in Slate:
While security researchers warn that the worm’s creators may be planning on conducting fraud or even “information warfare” aimed at disrupting the Internet, nobody knows what terrible deed Conficker will ultimately pull off. What we do know is that Conficker is devilishly smart, terrifically contagious, and evolving.
A friend of mine who works for a state agency said they took the unprecedented step of warning employees about the threat to their personal computers. A couple of other friends even called saying that they had heard the best defense was not to use the Internet at all that day.
The designation of April Fools Day as the date for some cyber-disaster also had skeptics wondering if the entire affair might be a hoax. When Conficker failed to shut down the world that day, it further stoked the skeptics. Most of us weren’t laughing, but breathing a sigh of relief.
The Consequences
Although I titled this essay as a question, there is little doubt that Conficker did and still does exist. The estimates of computers infected by Conficker range from 9 to 15 million PCs, according to the Conficker Work Group. Most sources agree a majority of them are outside the United States. They also believe the number may be inflated because foreigners and others are using pirated copies of Windows that prevent them from downloading security updates.
Still the list of high profile victims is a distinguished one. It includes: the U.K. Ministry of Defence, the Bundeswehr, and the British Director of Parliamentary ICT. Then there was CBS.
I can remember watching with interest a Sixty Minutes story on the Trojan which dropped the observation that in the middle of doing the story, CBS itself had been hit. In an interview, the network’s head of network security talked with a visible mixture of fear and amazement about how Conficker had somehow managed to penetrate the considerable protective measures they had set up and then kept the staff working 24/7 for several days trying to repair the damage.
He made Conficker sound almost superhuman, as if it were some evil spirit set loose in the ether to bring destruction on all computers. He talked about how just when they thought they had the threat corralled, the spirit would reappear somewhere else like some zombie raised from the dead that could not be killed. As he talked I had visions of that scene from The Night of the Living Dead where the corpses arise from their graves to torment the living. At the end of his interview he could not even be sure they had totally eliminated the threat.
There also was collateral damage caused by scammers hawking what has become known as “scareware”–worthless software designed to make money off your fears about the worm. These con artists would offer free scans of your computer and then sell you some piece of vaporware or worse, spyware. Others merely set up their own so-called Conficker prevention sites hawking programs.
The Nature of Conficker
We will leave it to the techie types to explain the workings of Conficker. Two German professors initially cracked some of the code and have published their findings on the Internet. They and others have noted several particularly nasty features about the worm.
First, it has an affinity for USB devices, seeking them out so it can plant itself in them. Second, its replication scheme is particularly ingenious, for not only does it mutate, it also communicates with its source for updates. Third, it exploits security problems in Microsoft Windows and Windows Server. In particular it exploits those who were slow to download a security update Microsoft issued last fall.
The targeting of Windows machines has prompted Microsoft to offer a $250,000 reward for the identities of its creators as well as prompting Microsoft to form a consortium to combat the threat.
A Theory
The fact that Conficker caused few or no problems for those of us with personal computers suggests there was a great deal of thought put into this entire attack. Normally Trojans that hit large corporations eventually migrate to the larger community of computer users because people bring them home with them. Once on someone’s home network a worm infects those computers and then usually quickly spreads by email to other users.
Conficker did not behave like that. Last November, technology reports noted:
The infection rate of Conficker.A worm is reported to be accelerating over company networks in particular.
An article in PC World echoed this theme.
Businesses worldwide are under attack from a highly infectious computer worm.
If normal Trojans are like a plague, in that they spread exponentially from user to user, with one infecting several and each of those infecting several more, Conficker seemed more like a bioterrorist attack that mainly infected large network targets.
Curiously I have not seen any comment on this in the technology press, although security experts have to be discussing it behind closed doors. Together they must be asking what the CBS tech guy has to be asking, “How could Conficker take down our entire network and yet not spread much beyond it?” The reporter and others involved in doing the story for Sixty Minutes did not have the virus on their home computers.
To switch from the biological analogies so often used with computer malware, Conficker behaved like one of those new smart bombs that flies in on a drone to its exact target and not like an old-fashioned artillery barrage.
What Can I Do?
If you have an Apple you have nothing to worry about. Like most malware these days, Conficker targets Windows machines.
For Windows users, if you regularly update your computer with Windows Update you should be OK. I should add here that I do not use automatic updates. I like to be able to pick and choose what goes on my machine. Second, it goes without saying to have good antivirus and malware protection. The programs regularly reviewed by various technology publications can tell you the strengths and weaknesses of each program.
For those like me on a fixed income, let me recommend two must-have programs. AVG has a freeware version of its antivirus program that has performed well for me for several years. Spybot is still the best anti-spyware program around. It is shareware and the task of updating it is becoming more daunting, so be sure to send them a contribution. They deserve it.
Worms spread from machine to machine only if you let them. People have been told to use email scanners, not to open strange emails and not to download images and programs from questionable sites, yet they continue to ignore the warnings. You know who you are.
Finally because of Conficker’s affinity for USB devices, be careful what you put on yours. USB devices have become a favorite way for people to smuggle things in to work. If you are going to do that then scan your USB device. You know who you are.
For the average home user, Conficker presently appears an over-rated fear. Let your network administrators at work deal with their security. As for your home networks and laptops just keep up your security—and, do backups.
A Warning
A second sub-theme of this month should be connections, for Conficker’s behavior suggests a new level of sophistication in paralyzing networks. We live in a world of interconnections, but those interconnections contain critical intersections that if they become disabled can disrupt an entire system.
Conficker is really about the current economic crisis and a warning about how bad it could become. It serves as a pointed reminder of how truly intertwined we all are and how little we really understand those interconnections from a truly systemic point of view.
Whirlwind
Conficker reminded me of an oral history interview I heard with Jay Forrester, the founder of system dynamics and one of a team that built Whirlwind–one of the early computers. Because of the technology of the time, Whirlwind ran on vacuum tubes, which in that application had a notoriously short life.
Whirlwind contained hundreds of these glowing cylinders, meaning that its design required a great deal of redundancy so that if one tube failed it would not take down the entire system. The designers also had to understand the location of the most critical intersections because you cannot build redundancy into an entire system.
Those old machines were massive enough as it was, but to design them with two–or even three–of everything would have made them impractical, defeating the whole purpose of their existence since having two of everything would have made them run incredibly slowly. It also would have made them incredibly inefficient because a massive number of vacuum tubes would require a massive amount of cooling due to the heat generated by so many of them operating near one another.
Conficker and Whirlwind
Conficker tells us that in terms of our computer networks and the workings of this interconnected economy we really are in no better shape than in the days of Whirlwind. Malware can cripple a network the same way a failed vacuum tube could shut down that early computer. Yet unlike Whirlwind’s designers we lack understanding of where the critical intersections lie in a computer network or an economy.
Conficker represented such a disquieting event that those who were and still are involved in combating it are understandably not talking about how they fought it and what they learned from it. Yet the CBS interview suggests our systemic understanding may be more primitive than that of the designers of Whirlwind.
The Lack of Systemic Understanding
Typical malware prevention programs operate on what I term one-to-one relationships and an outmoded linear biological model. You can go online to any of the major antivirus companies and find a list of recent “threats” and how their newest “update” is preventing your computer from becoming infected with them. My edition of Spybot, for example, now contains over half-a-million potential threats–an exponential growth over the past few years.
I term this an outmoded approach because it is a bit like trying to prevent disease by vaccinating everyone against every known malady. We already know the unintended consequences of such an approach: by over-prescribing antibiotics for low-risk infections we have triggered mutations in viruses and bacteria that make them a great deal more lethal. Conficker is telling us the same thing about our technology systems.
The Economy
More ominously, Conficker also revealed in a systemic way the weakness of our intertwined economy. The “too-big-to-fail” financial and corporate institutions that are at the epicenter of this crisis are as vulnerable as their corporate networks, both literally and figuratively. Conficker is very scary because it revealed that malware is getting smarter. Another well-directed attack at the critical intersections of those networks could cripple the operations of “too-big-to-fail” corporations the way a bad vacuum tube could compromise Whirlwind.
If the technological infrastructure that sustains these “too-big-to-fail” institutions did fail, it would be the economic equivalent of the infamous 1918 flu epidemic. As we learned from the mortgage crisis, in addition to the technology that is at stake, the entire structure of these “too big to fail” firms is at risk. A string of bad loans is like a string of failed vacuum tubes in Whirlwind.
The Bottom Line
Conficker was no hoax. It was a warning shot fired at our entire networked world. It tells us that our current defenses are even more primitive than those in a half-century-old dinosaur of a computer. Maybe that explains all those guns sold by Cabela's noted in this month’s upcoming article on the Obama Administration. People are giving those running our networks a vote of no-confidence because those in charge just do not get it.
Posted by: liberalamerican


