No fooling: Conficker, GhostNet in the news

There have been two high-profile malware stories in the news this week. The first is a report from our friends and colleagues at the University of Toronto’s Munk Center for International Studies. As reported by the New York Times:

A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

The interesting thing about this spy operation is that, according to the report, it uses fairly standard, widely available malware, combined with spear phishing (i.e., messages crafted for specific recipients), to spy on a specific set of targets.

The second story centers around the Conficker worm, which has been around and multiplying rapidly for the past few months. The reason it has suddenly gotten press this week is that it contains a mechanism to automatically update itself on April 1. As Brian Krebs notes on his Washington Post blog:

Computers already infected by the worm are supposed to be automatically updated with some unknown software component on April Fools Day. That’s more or less the sum of what computer experts know about the rhyme or reason behind this worm, but it hasn’t stopped pundits and the press alike from issuing ominous warnings.

Krebs isn’t alone in thinking the warnings may be exaggerated. Halfway through April 1, PC World notes that not much has happened so far, nor is much expected:

Among security experts, the consensus seems to be that very little will happen today. This may be in part because of the high amount of publicity Conficker has received, but then again April 1 is not the first time Conficker has been programmed to change the way it operates. Similar trigger dates have already passed with little change, including January 1, according to Phil Porras, a program director with SRI International. Security experts at Symantec, the maker of Norton Antivirus, also believe the threat is overblown and say Conficker today will "start taking more steps to protect itself" and "use a communications system that is more difficult for security researchers to interrupt."

This doesn’t take away from the fact that Conficker is a widespread, potentially dangerous piece of malware. The industry is concerned enough about it that many organizations have banded together to create the Conficker Working Group to share information about its prevention and removal. That Conficker keeps evolving specifically to frustrate analysis and takedown underlines how serious this particular malware is. I think the working group is a great sign, as this is exactly the kind of cooperation and information sharing necessary for the good guys to effectively fight back against the bad guys.
