Mystery of the Conficker Worm Continues: Does It Want to Scam or Spam?

By Eliza Strickland | April 10, 2009 8:55 am

The computer worm known as Conficker that has infected millions of PCs around the world stirred yesterday and raised new fears that the hackers behind the worm are gearing up to cause mischief, but experts say their intentions are still mysterious. The worm went active on April 1, but it didn’t seek to disrupt networks and didn’t harness infected computers to send out waves of spam. The lack of a clear business model for Conficker … had confounded researchers and analysts. In fact, it was one of the reasons why there was so much attention paid to the worm’s new communications scheme activation date: Everyone wondered what it would do on April 1 to monetize the effort spent collecting a massive botnet [Computerworld].

Over the past two days infected machines have begun to download additional software, but so far the results still haven’t been as dire as many experts originally predicted. According to varying reports, some computers are just preparing to run a small-scale scam on their users, while others have adopted an existing email worm that can steal passwords and send spam. The latter function may be more troublesome, some experts say. The consensus within the computer security industry is that although there are now some indications that Conficker’s authors are intent on building a giant spam system, there is no hard evidence. “This is just Step 5 in a thousand-step chess match” [The New York Times], said security expert Vincent Weafer.

Some experts monitoring Conficker-infected computers say the worm is downloading and installing fake security software. Often called “scareware” for its habit of trying to spook users with bogus infection warnings — then dunning them with endless pop-ups until they fork over up to $50 to buy the useless program — such rogue antivirus software has become a huge business [Computerworld].

Other observers detected the spam program that had been placed via Conficker’s built-in peer-to-peer (P2P) communications capability, which allows large groupings of infected systems to hand off software updates and instructions being pushed out by the worm authors…. “There are still some unknowns here, but things are becoming a lot more clear, and it certainly seems they’re making a move here to finally monetize all this effort” [Washington Post blog], says Paul Ferguson, a researcher with the security company Trend Micro.


  • William

    Very useful article, and valuable information is available, i.e., about the mystery behind getting the PCs infected.

  • Nick

    Why doesn’t someone just reverse engineer it and then start spreading a copy that hijacks the old Confickers to spread its own cure (kinda like we’ve hijacked AIDS viruses in attempts to attack cancer)? We could turn the P2P botnet inside out into a P2P antivirus/spyware botnet…. I mean, why not?

  • FILTHpig

    Why not? Because the anti-virus companies are the ones releasing the virus! Conspiracy!!!

  • A woman

    A conspiracy theorist to the heart you are, filth… Your comment is not even being listened to. Go back to your basement and hide.

