Conficker Update
The New York Times reports that Conficker is still out there and still mutating. So far, it has continued to spread, but otherwise has given no sign of doing anything else.
The Times claims that the AV researchers are impressed by the quality of the engineering that continues to go into Conficker, but that they still have no idea what it’s supposed to do. They think it must have some purpose to warrant the amount of energy that has been used to improve and propagate it.
Excerpt below the fold.
Researchers speculate that the computer could be employed to generate vast amounts of spam; it could steal information like passwords and logins by capturing keystrokes on infected computers; it could deliver fake antivirus warnings to trick naïve users into believing their computers are infected and persuading them to pay by credit card to have the infection removed.
There is also a different possibility that concerns the researchers: That the program was not designed by a criminal gang, but instead by an intelligence agency or the military of some country to monitor or disable an enemy’s computers. Networks of infected computers, or botnets, were used widely as weapons in conflicts in Estonia in 2007 and in Georgia last year, and in more recent attacks against South Korean and United States government agencies. Recent attacks that temporarily crippled Twitter and Facebook were believed to have had political overtones.