The computer worm known as Conficker that has infected millions of PCs around the world stirred yesterday and raised new fears that the hackers behind the worm are gearing up to cause mischief, but experts say their intentions are still mysterious. The worm went active on April 1, but it didn’t seek to disrupt networks and didn’t harness infected computers to send out waves of spam. The lack of a clear business model for Conficker … had confounded researchers and analysts. In fact, it was one of the reasons why there was so much attention paid to the worm’s new communications scheme activation date: Everyone wondered what it would do on April 1 to monetize the effort spent collecting a massive botnet [Computerworld].
Over the past two days infected machines have begun to download additional software, but so far the results still haven’t been as dire as many experts originally predicted. According to varying reports, some computers are just preparing to run a small-scale scam on their users, while others have adopted an existing email worm that can steal passwords and send spam. The latter function may be more troublesome, some experts say. The consensus within the computer security industry is that although there are now some indications that Conficker’s authors are intent on building a giant spam system, there is no hard evidence. “This is just Step 5 in a thousand-step chess match,” [The New York Times], said security expert Vincent Weafer.
Some experts monitoring Conficker infected computers say the worm is downloading and installing fake security software. Often called “scareware” for its habit of trying to spook users with bogus infection warnings — then dunning them with endless pop-ups until they fork over up to $50 to buy the useless program — such rogue antivirus software has become a huge business [Computerworld].
Other observers detected the spam program that had been placed via Conficker’s built-in peer-to-peer (P2P) communications capability, which allows large groupings of infected systems to hand off software updates and instructions being pushed out by the worm authors…. “There are still some unknowns here, but things are becoming a lot more clear, and it certainly seems they’re making a move here to finally monetize all this effort” [Washington Post blog], says Paul Ferguson, a researcher with the security company Trend Micro.
80beats: “Conficker” Computer Worm Wakes Up, but Fails to Sow Chaos
Cosmic Variance: The C Variant covered the Conficker worm before activation
80beats: Electrical Espionage: Spies Hack Into the U.S. Power Grid
80beats: Is the U.S. Government Losing the Battle Against Hackers?
80beats: Computer Virus Travels Into Orbit, Lands on the Space Station
80beats: Russian Invasion Included the First Real Use of “Cyber Warfare”