The Conficker Worm: What Happens Next?

60 Minutes: Computer Worm Could Receive New Instructions On April 1

(CBS)  Stahl asked Google what they're doing to deal with these big problems, because their search engine is what most people use to surf the net.

Stahl went to talk to Vint Cerf, one of the founding fathers of the Internet, and now a vice president at Google. The company itself says that one in every 100 Google searches brings up an infected site.

"People are blaming Google 'cause if you do the search, they say, you - Google - should be responsible if we get infected," Stahl remarked. "Now you’ve heard that."

"I have heard that, and I think that's a very bizarre way of looking at things," Cerf replied.

Google's position is that it's not the policeman of the Internet, but its engineers do scour the Web and issue warnings about malicious infections, or malware.

"If we happen to see what we believe is malware on that Web site, then when you go there we will pop up a Web page and it says, 'We think we found malware on this site. Maybe you don't want to go there,'" Cerf explained.

"Now I understand that if you go there anyway, Google sends you a second warning, saying: 'Are you kidding? Are you serious? We told you not to go there.' Something like that," Stahl said.

"Of course people still go," Cerf acknowledged. "And at that point it's their problem."

"The more you hear about this, the more you feel that if you bank online, shop online, open an e-mail, I mean, that almost anything you do puts you in jeopardy," Stahl remarked.

"That's a true statement. There are things. Bad things can happen. On the other hand, I’ve been on the Net ever since the Net started, and I haven’t had any of the bad problems that you’ve described," Cerf replied.

But tens of millions of people have - one if four Americans, according to recent reports, as the hackers get more and more sophisticated.

Don Jackson is a hacker hunter. He is director of threat intelligence at SecureWorks in Atlanta, which protects corporations against cyber-attacks and tracks the hackers who launch them.

"Part of my job is to know the enemy, to know our adversaries," he explained.

To Jackson, the enemy is a hacker. "An enemy is somebody who wants to use computers to hurt somebody else or to make money for themselves."

Using an assumed name, "Gozi," Jackson infiltrates chat rooms where hackers sell their worms and viruses to their clients: other hackers. He asks for a demo so his company can create software to disable the malware. The hackers, he says, are typically young, male and often from Russia.

Asked how he tracks them down, Jackson said, "Well, they're like any other business. They have to advertise to get clients."

As Jackson explains, these brazen hackers do this openly on the Internet. "Unfortunately they’re all too easy to find," he said.

He says many Russian hackers are in cyber-gangs that display fascist symbols, like a Swastika and anti-American artwork. They boast about all the dollars they’ve stolen from the rich Americans. A single hacker can make $30,000 a month and be championed in local newspapers.

"There’s an example recently where two boys were arrested actually and then let go the next day, but the article in the newspaper wasn't that they were arrested and that they committed a crime, but saying: 'Look at our two local boys made good. They’ve cheated some greedy Westerners out of so much money,'" Jackson explained.

"They’re heroes," Stahl remarked.

"They are," he agreed. "And it’s bringing money into the local economy."

---

A correction: 60 Minutes made a mistake in using a photograph in our story called "The Internet is Infected." The picture was described in the story as a group of young Russian computer hackers which was inaccurate. The picture, provided to us by an Internet security company, had appeared on a Russian hacker magazine Web site.

---

It’s not known who's behind the computer worm Conficker, whether it’s a gang of Russian hackers or some solitary evil genius. This worm is wily - it keeps mutating. Security software companies have been kept very busy.

But Conficker can jump over protections. While Stahl was reporting this story in early March, she was stunned to learn that the wily worm had struck CBS News.

"People were havin' problems with their BlackBerries, their logons," explained Louie Pelaez, a network engineer.

He says Conficker is so aggressive, it took CBS technicians 24-7 over 10 days to hunt down and quarantine the affected computers.

"Do you actually know where it started? Can you pinpoint it?" Stahl asked.

"We really will probably never know exactly how it infected the network," Pelaez said. "We just know that, you know, once it hit, it began to propagate."

CBS News has now contained the infection, but Pelaez says Conficker could still be hiding undetected somewhere within the network.

Asked if he thinks CBS is safe, or if this could happen again, Pelaez told Stahl, "No, I pretty much thought that we were pretty solid. You try to secure a network. But there’s no guarantee that somebody can't come up with something that will, you know, wreak havoc."

---

Conficker investigators have been talking about an April Fool's attack, because in dissecting the worm, they can see it's been programmed to receive new instructions on April 1. But nobody knows if the instructions will be benign, or something that could disrupt the entire Internet.

[ecom2000]

When I saw the 60 Minutes documentary on the Conficker virus and thought I would pass on some information about the prevention and removal of this scary virus.

The virus is stoppable using eScan Anti Virus software and it can be removed using the eScan Anti Virus Utility Tool, which has been available for some months to stop the virus from infecting your computer or the removal of it should a computer be already infected.

We ourselves have been using the virus utility tool to remove the Conficker worm from client?s computers when they are using other brands of anti virus software for a number of months now and those of our client?s who are using eScan have not been infected, including our own computers.

eScan is the only brand of anti virus software to use a revolutionary patented process, MicroWorld Winsock Layer (MWL) to detect dormant and active viruses in real time, which deletes them before they can get through to the hard drive. It also has a host of other features to protect computers, such as, web page content scanning, a powerful firewall, popup blocker, real time virus scanning for all types of viruses (including malware, adware, keyloggers, hacking & spyware), parental control, hourly virus signature updates and real time virus & content scanning (plus much more).

A manual is available http://computersolutionsnz.co.nz/conficker.pdf on the Conficker virus, which covers, a description of the virus, how to protect computer and how to remove the virus. You can download the virus utility tool to remove the virus from this link: http://www.computersolutionsnz.co.nz/mwav.zip.

[canuckuk]

It is shameful for 60 minutes not to say anywhere in its reporting that the Mac and UNIX and LINUX operating systems are immune to the Conficker worm.

This is a legitimately fear based story. It is critical that all exceptions are mentioned. It is ridiculous that they don't mention the types of computers this worm does not infect.

Step it up - rise to a higher journalistic standard and properly report the facts behind this issue.

[riseofthethorax]

PS- I also created the website http://www.chann3lz.com/ , it's a youtube jukebox that anyone can contribute to. The help videos that link off of chann3lz go to my user account.. And now that I know I can put url's in my messages, I can give you a direct link 8^| oh brother..

http://www.youtube.com/user/rofthorax

[riseofthethorax]

What happens next?

EVERYONE SWITCHES TO "UBUNTU LINUX"

It's only the smartest move you'll make. I've been using it for two years, and
had Windows XP before that, for years.

Then you can run Windows in a sandbox environment like VMWare or Innotek Virtualbox..
Where you can run your programs without worrying about what the virus will touch.

But then again, you can do all your web browsing, email and office stuff in Ubuntu, so why would you need to go back to Windows? Serriously..

Games?

Search youtube for user "rofthorax" that is me, I have 370+ videos in my channel, most demonstrating games I can play in WINE, a free program that runs windows programs without using Windows, and without the slowness of an emulation. For instance, the entire "Valve Orange Box" will play in WINE, "Oblivion" runs in wine, Left4Dead does, so does COD4.

And WINE is only getting better..

BTW I watch all my Internet video in Ubuntu Linux, I'm typing this on a Thinkpad T30 I bought for 212 dollars on ebay, and effortlessly installed Ubuntu Linux. I first heard this story from the podcast feed that my audio podcast client "IcePodder" got for me.. Honestly, I never thought I'd be able to maintain the use of Linux, even though I know a lot about computers, but it's not as hard as I thought it would be. It's a learning experience, like any computer operating system, but once your get oriented its like any other.. Just, no viruses!!!

[riseofthethorax]

Ubuntu Linux doesn't have this problem.. Also you can use WINE to run windows programs, but a worm of this kind wouldn't work on WINE because WINE runs programs non-continuously (programs run in a Windows API wrapper, but not in a continuous Windows OS).

Search youtube for UBUNTU Linux. It's much more secure than windows, because it doesn't force you to go looking for software on untrusted sites, software that may contain malware like this.

Not to say that Linux couldn't have a virus, just that given the complexities of Linux, that it is custom compiled for each distribution, it's unlikely that a virus or worm could take advantage of all the Linux distributions. Ubuntu would probably be the first to be hit, as it is the most popular now, but it is a fraction of the popularity of Windows. However Ubuntu is as capable as Windows at the same sorts of chores.

Get a free (forever) copy of Ubuntu Linux today. Google for "Ubuntu" .

[JamesMorehead]

Additional information from support.com on Conficker (written in layman's terms): https://www.support.com/feature/conficker-virus-protection.

[cbsantispin]

To follow up on my comments about IBM selling Linux which by it's very nature is "FREE" based on the way Linux is Licensed, many are realizing big profits and selling "FREE" Linux and making money off Linux anyway, the way companies are getting around the "FREE" Linux License is by so-called "adding value" in the form of support or extra features not available in standard "open" Linux. But this still violates the overall spirit and philosophy of Linux which is a "free open source community and user supported environment!". IBM is notorious at selling value added "FREE" Linux and making big profits and while IBM is in the "black" and doing well, corporate greed is stil the order of the day, for example IBM is laying off 5000 U.S. workers and outsourcing their jobs to India! IBM is offering some of those being laying off jjobs in India if they move to and work in India at a quarter of their current salaries! Imagine if you worked for IBM making $65,000 a year and IBM told you in order to keep your job you had to move to India and now make $17,000??? That's whats going on folks, check out this NBC Evening News Report @ http://www.msnbc.msn.com/id/3032619/#30036628 and see for your self! Pure Corporate greed at the expense of American jobs, no patriotism at all.

[cbsantispin]

Microsoft set up shop in the nation of India "big". India adopted Microsoft and Windows hook, line and sinker! Microsoft is just as big in India as it is in the United States. So what's the point? The point is, many U.S. Corporations outsourced their IT work to India because of cheap labor and continue to do so. A lot of personal and private data about Americans is in India's computers, not America's computers! Initially most of this data was located in American computers located in the U.S., where India IT workers logged in to American computers from India, but to speed up processing time, American data ended up being stored in India! Yes, a lot of America's privacy and corporate data and the information it creates is in India "physically"! The computers with America's data located in India may be classified as American owned computers, but I personally define American computers as being located "physically" in the U.S., its a subtle fine point that matters because of legal issues. In this matter of Windows being unsafe and vulnerable to Unix and Linux access, how does the U.S. know its data in India's Windows computers is not being accessed and hacked? It's a fair question.

[OS11]

no, tiotom77 it's nothing like 3 mile island, it's more of a fender bender at a mcdonalds parking lot.

this worm wouldn't affect banks or medical establishments, it only would touch non-savvy computer owners. most banks and medical systems are on Unix, not windows so there is little to worry about.

[tiotom77]

Just Like Three Mile Island, this Conficker worm is a wake up call.We shouldn't get too reliant on computer filing systems. Our financial records are already available over the internet and soon our medical records will be computerized. We better keep paper backups.