Infosecurity

World awaits Conficker worm attack

By Robin Hicks | 1 April 2009

April Fool’s cyber security threat Conficker.c has failed to wreak havoc – yet – although a veteran hacker has warned Asian Security Review that the PC worm still has the potential to cause widespread damage.

View photos

Related Categories

• INFOSECURITY

From this Section

• NEWS

Val Smith, founder of ‘white hat’ hacker firm Research Attack, told ASR that the Clicker.c bug is capable of causing a large denial-of-service attack (DDoS), which would render major web sites, such as Facebook or Google, unreachable to users.

“I think Conficker.c can cause a big DDOS – ie take down important sites,” Mr Smith wrote via instant messaging service AIM.

However, the reformed cyber criminal said that if the worm was to strike, it would only cause a ‘blip’. Others disagree. Unlike viruses, worms self propagate, spreading by networks. “Once it’s out there, it’s very difficult to stop,” said Chris Pirillo, a technology expert.

He predicted that “the worst possible outcome” would be that some computers would run “suboptimally,” as network traffic becomes clogged.

Its ability to do that is cleverly designed: Conficker.c has a feature that disables the Windows update program in the Microsoft product, keeping Windows from becoming patched, Pirillo said. It also disables the auto-update capabilities of many anti-virus software programs.

Pirillo said it may be a week or more before the true impact of the worm is known, but he predicted it will have one.