Friday, August 28, 2009

defying experts - rogue computer code still lurks

NYTimes | Like a ghost ship, a rogue software program that glided onto the Internet last November has confounded the efforts of top security experts to eradicate the program and trace its origins and purpose, exposing serious weaknesses in the world’s digital infrastructure.

The program, known as Conficker, uses flaws in Windows software to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. With more than five million of these zombies now under its control — government, business and home computers in more than 200 countries — this shadowy computer has power that dwarfs that of the world’s largest data centers.

Alarmed by the program’s quick spread after its debut in November, computer security experts from industry, academia and government joined forces in a highly unusual collaboration. They decoded the program and developed antivirus software that erased it from millions of the computers. But Conficker’s persistence and sophistication has squelched the belief of many experts that such global computer infections are a thing of the past.

“It’s using the best current practices and state of the art to communicate and to protect itself,” Rodney Joffe, director of the Conficker Working Group, said of the malicious program. “We have not found the trick to take control back from the malware in any way.”

Researchers speculate that the computer could be employed to generate vast amounts of spam; it could steal information like passwords and logins by capturing keystrokes on infected computers; it could deliver fake antivirus warnings to trick naïve users into believing their computers are infected and persuading them to pay by credit card to have the infection removed.

There is also a different possibility that concerns the researchers: That the program was not designed by a criminal gang, but instead by an intelligence agency or the military of some country to monitor or disable an enemy’s computers. Networks of infected computers, or botnets, were used widely as weapons in conflicts in Estonia in 2007 and in Georgia last year, and in more recent attacks against South Korean and United States government agencies. Recent attacks that temporarily crippled Twitter and Facebook were believed to have had political overtones.

Yet for the most part Conficker has done little more than to extend its reach to more and more computers. Though there had been speculation that the computer might be activated to do something malicious on April 1, the date passed without incident, and some security experts wonder if the program has been abandoned.