7 Million still infected by Conficker A+B+C

Conficker may be forgotten, but it's not gone...

Conficker stats and charts page

 

Interesting new article on Conficker in The Atlantic...
http://www.theatlantic.com/magazine/print/2010/05/the-enemy-within/8098/

 

@mvario

Thanks for updating

Very good read, and i liked his analogies which would make it easily understandable to a lot more people. Some journo's write too much techno babble that isn't as straightforward for most people to absorb, if at all.

I knew Conficker used crypto, but i wasn't aware of the MD-6 SHA-3 encryption aspect that they incorporated into it. And the proposal for the new standard was only submitted about a month before Conficker first appeared. Very clever

One of the best accounts i've read on ANY malware etc

 

How effective is the Conficker Eye Chart these days?

 

Good Read Indeed

 

I enjoyed the article myself, but I'm still a bit confused about the use of MD6. The author talks a little about public key encryption but MD6 is a hash (one-way) algorithm (used for signatures, authentication, etc), so I'm not really understanding its place in Conficker.

 

Wow, creepy. I had no idea that Conficker was so expertly engineered. Wonder what the heck it's being used for.

Edit: and one other thing - the article states that Conficker can exploit its hole even on machines that are firewalled. How on Earth is that supposed to work?

 

Great read. Wonder what's next "D"?

 

Hmm, I found this line funny:

I don't think so. The Windows updates only patch the core OS and other M$ products (Office, IE, etc.). They do not patch any other software running on the machine. And since most software still requires admin access, this means vulnerable 3rd party software = total machine pwnage.

Also the article seems to imply that SHA-2/3 is an encryption cipher. It is not. It's a cryptographic hash function (so is MD6) that is used in conjunction with a cipher like AES. There is a difference.