Countdown to Conficker

Posted by Robert Siciliano on March 30th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Security officials around the world are anticipating the Conficker strike.

60 Minutes reports on everything we have discussed in these posts. Mainstream media has recognized that the Internet is infected with a cancerous virus. Criminal hackers are creating viruses which are infecting websites in record numbers, all in the name of money.

Security professionals are losing sleep as they race against the bad guys in anticipation of the next big breach.

Conficker is big news as it's infecting mainly corporate networks at an astonishing speed. An estimated 10-12 million PCs have already been impacted, and this sleeper cell is supposed to get its next set of updates on April 1st.

Like Al-Qaeda operatives living amongst us, cyberterrorists waiting for their next communique from a remote cave, Conficker waits to strike.

Nobody knows what's going to happen on April Fools, but security professionals have a plan. Do you?

By all accounts, Conficker has the potential capacity to steal personal information or launch a massive denial of service attack which encompasses massive amounts of data, flooding the Internet and bogging down mainframe servers that distribute data to our inboxes.

60 Minutes followed the example that I set on CNN, describing a Facebook hack by using a Morley Safer Facebook account that may be hacked with Conficker. The account begins to send messages to Morley's friends. Then Leslie Stahl, who is one of Morely Facebook friends, receives an email that appears to be from Morely's Facebook account. The message instructs him to click a link to watch a video. That video has a destructive payload that infects Leslie's machine and the virus replicates itself to all of Leslie's contacts. Now Morely and Leslie's PCs have a virus that records all their keystrokes. Bank accounts are cracked, credit card logins are stolen, the contents of their My Documents folders are copied and sent to Turkey and ultimately, their identities are stolen. People who don't have identity theft protection face years of dealing with creditors who accuse them of being bad debtors.

Malware is showing up on thousands of websites that are compromised in numerous ways and infecting computer users whose defenses are down.

Most attacks can be prevented with updated anti-virus software like McAfee. But with an estimated 15,000 new infections daily, it's difficult for average users to protect themselves unless they are automatically downloading virus definitions. And that may not be enough.

Criminal hackers come in all shapes and colors from every corner of the world. Russian hackers are often depicted as the best of the worst. These cybercriminals are often put on a pedestal in their communities, as they brag about their accomplishments, hacking wealthy Americans, stealing tens of thousands of dollars monthly and spending that money in their remote villages.

Russian authorities generally don't prosecute and may even employ criminals to steal from greedy Americans. As long as hate and money are motivators, foreign governments will groom and incite talented 14-year-olds into a life of crime.

This story is far from over.

Robert Siciliano, identity theft speaker, discusses online banking security here.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• How to report a fake profile page on Facebook
• Facebook exposes personal information of up to 80 million members
• Fake Facebook profile page victim awarded $43,000 in damages
• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Facebook moves to protect users in partnership with 49 states