We’ve all seen movies where the hero or heroine has just days or hours to live. This genre is always suspenseful.
On Wednesday, IT administrators and security folks all over the world may find themselves living an action movie plot. The highly publicized Conficker worm is set to go off on 1 April.
I won't belabour the April Fools jokes that have been inevitably bouncing around the Internet. Conficker is not a joke. It is a highly sophisticated piece of malware that has already infected millions of hosts.
No one seems to know exactly what will happen on April 1 when the Domain Generation Algorithm, or DGA, is activated. It can't be good. At the very least it is going to generate a bunch of traffic and at the worst, well… Here is SRI’s diagram of Conficker C:
Conficker exploits a known Microsoft vulnerability and affects some of the underlying network protocols we use every day, such as RPC and SMB. Last week I had an interesting conversation with Tom Cross, Manager of the IBM-ISS X-Force Advanced Research team, and he pointed out that Conficker was going to illuminate the basic, everyday security tasks, like patching and password management, that are integral to today's enterprise networks.
This worm takes advantage of unpatched systems and weak user passwords. Conficker could be the world's biggest penetration test.