Warning to My Friends

Here is my take on SRI's Conficker C "evolving snapshot"… The highly-organized group that developed a most-advanced Windows virus running on 2K, XP, and Vista platforms is continuing their work. The result? A Conficker C variant, discovered by SRI International on March 6th, uses the 2 x encryption and 2 x compaction security of A & B variants, adding "a significant layer of code obfuscation". C is such an upgrade that "as little as 15% of the original B code" remains, and these upgrades make the situation equivalent in WoW terms to millions of dragons running amok in villages with big fangs, impervious armor, and magical abilities to become invisible and render harmless any armies and weapons brought against them.

SRI believes the current internet addressing system could become unreliable, but based on the details, I think that horse has left the barn. There is no way to prove whether SRI's report you and I see is actually what we expect: apparently, C's "Security Product Disablement" can fool both security programs and operating system countermeasures, invisibly redirecting their calls home for antivirus definitions and program updates. It constructs ad hoc P2P networks with other victim hosts, and prevents various system safeguards, such as rollback to pre-infected restore points, disabling Windows security services, 3rd party security products, and it uses multiple cloaks… well, you get the idea. The speed of C's developers to implement countermeasures and the latest encryption is staggering.

The ability to upload and execute ANY code to millions of internet-connected computers threatens the net itself.

I'm going to do some extra backups and find my original OS discs.

Comments

Popular Posts