Cybercrime fighter Eugene Kaspersky believes the Conficker botnet could have been far worse had its operators been after more than just money. In his view these cyber-criminals are high-end engineers: they write the code themselves, they use cryptography properly, and they don't make mistakes. They are thoroughly professional. Kaspersky is about 60% certain that they are from Ukraine, but he can't prove it right now.
Kaspersky goes on to say that the unknown threat posed by Conficker, which hit about 10 million Windows-based computers prior to April 1, prompted a coordinated response from Kaspersky, Microsoft, Symantec, the Internet Corporation for Assigned Names and Numbers (ICANN) and the Federal Bureau of Investigation's Cyber Division; all of these organizations were involved in trying to head off Conficker at the pass.
What Conficker does is work at the Domain Name System (DNS) layer rather than at the application layer. The worm uses an algorithm to generate a predetermined list of domains; if any of them is live, Conficker tries to fetch its new marching orders from it, if you will. Thanks to the coordinated campaign, the group was able to work out the algorithm and block those domains, but Conficker is not done by a long shot.
As I mentioned earlier, Conficker was using the Internet's Domain Name Service layer, which is in effect the Internet's address book. The application layer has typically been the attack vector, but now we see DNS resolution being used for command and control. Here is where it gets really interesting. According to security specialists from Russia, botnet operators there have started to cooperate and work with each other.
The different botnets work in cooperation: one group says, I'm just a bot herder, I don't care about money laundering; another says, we do fraud; another sends out spam or handles the money laundering. It is almost like a manufacturing business with a division of labour. This is where it starts to get weird: these groups are starting to work together, and they already have some very intelligent people behind them.
So the worm used an algorithm that generated a list of domains, and every day it produced a new list. It looked these domains up, and if any of them were online the worm was designed to download updates from them. The group was able to reproduce the algorithm, determine in advance which domains Conficker was going to contact, and block those domains.
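The daily-list-and-block approach described above, as an added example that is not the page's own code and does not reproduce Conficker's real algorithm: a toy date-seeded domain generator (the seed, the TLD set and the resolver log format are assumptions) stands in for the worm's, the defender precomputes the list for today and the neighbouring days, and matches DNS query logs against it.

```python
import hashlib
from datetime import date, timedelta

# Toy domain-generation scheme standing in for the worm's real algorithm (which
# this example does NOT reproduce): the only property relied on is that the
# list for a given day is a deterministic function of that day's date.
TOY_SEED = b"constructed-seed"          # assumption: the generator's fixed seed
TLDS = ("com", "net", "org")            # assumption: a small set of TLDs

def candidate_domains(day, count=5):
    """Return the deterministic list of `count` domains for calendar day `day`."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(TOY_SEED + day.isoformat().encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:10])
        domains.append(f"{label}.{TLDS[digest[10] % len(TLDS)]}")
    return domains

def blocklist_for(day, skew_days=1):
    """Domains to pre-register, sinkhole or block: today's list plus the
    neighbouring days, so infected hosts with a skewed clock are still covered."""
    block = set()
    for offset in range(-skew_days, skew_days + 1):
        block.update(candidate_domains(day + timedelta(days=offset)))
    return block

def flag_dns_queries(log_lines, blocklist):
    """Match resolver query logs (assumed format: 'timestamp client qname')
    against the precomputed blocklist; return (client, qname) pairs to investigate."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue                     # skip malformed lines
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in blocklist:
            hits.append((client, qname))
    return hits

if __name__ == "__main__":
    today = date(2009, 4, 1)
    block = blocklist_for(today)
    # Constructed resolver log: one benign lookup, one lookup of a generated domain.
    sample_log = [
        "2009-04-01T08:00:01 10.0.0.5 www.example.com.",
        f"2009-04-01T08:00:02 10.0.0.9 {candidate_domains(today)[0]}.",
    ]
    for client, qname in flag_dns_queries(sample_log, block):
        print(f"host {client} queried generated domain {qname}")
```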
There was also evidence of a recent nine-hour attack on CheckFree, an online bill-payment site used by about 22 U.S. financial institutions, that resulted in a two-day shutdown. The DNS resolution for its online servers was tampered with, so when people went to CheckFree they were redirected to another site that downloaded malware onto their computers. In other words, DNS is being used to redirect you to a malicious site and drop this stuff on your machine.
Now we know that the botnet operators are colluding, that they have some very top-notch people, and that they are playing with some of the very basic plumbing of the Internet.
The article ends with Kaspersky saying, "It's a major example of their Internet weapon, because the bad guys can use a botnet this size, not just for commercial interests, but other interests also." Kaspersky makes it clear he does not admire these guys, yet there is an undeniable sense of respect.
These are not just 16-year-old kids hacking for fun; this is becoming a big business, a global operation. These cyber-criminals are going to continue working together. That makes securing your network even more imperative, even if you run a small business on a tight budget. If you keep data on your network that you need and want to protect, you can't ignore security.
This goes to show that some of the finest minds in the anti-virus field and in computer science are saying we have some nasty stuff heading our way. These people are not amateurs. Maybe I am being an alarmist; I don't think so. Even if you have a small business or a home office, it does not hurt to learn about the security risks, implement a firewall, teach your users how to recognise suspicious email, and secure your mail server. Some of these things can be done free of charge and greatly enhance your security. It is going to get worse as these cyber-criminals get better and better.