Sign In

Communications of the ACM

ACM News

The Worm That Nearly Ate the Internet

Artist's representation of the Conficker malware.

The Conficker malware infected 10 million computers.

Credit: Cathryn Virginia

Just over 10 years ago, a unique strain of malware blitzed the internet so rapidly that it shocked cybersecurity experts worldwide. Known as Conficker, it was and remains the most persistent computer worm ever seen, linking computers with Microsoft operating systems globally, millions of them, to create a vast illicit botnet, in effect, a black-market supercomputer. That much power controlled by its unknown maker posed an existential threat not just to any enterprise connected to the web, but to the internet itself.

Botnets, networks of secretly linked personal computers controlled by an unseen hand, have launched some of the most notorious dedicated denial of service attacks, flooding websites with so many data requests that they crash. A 2012 attack all but shut down online operations at major banking institutions. They also spread malware. Botnets were behind the WannaCry ransomware attack of 2017 which infected an estimated 200,000 computers in 150 countries and crippled computer networks at National Health Service hospitals in England and Scotland.

A cyberweapon called EternalBlue, stolen in 2017 from the National Security Agency's secret labs, has been used to attack the networks of entire cities — Baltimore is still struggling to free thousands of municipal computers infected just last month. Botnets also enabled Russia's meddling in the presidential election in 2016, sending millions of social media users false stories.

Conficker's botnet was easily capable of launching any of the above — and far worse. At its height, when it consisted of at least 10 million individual IP addresses, there were few computer networks in the world secure enough to withstand an attack from it. And yet it was used only once, to spread a relatively minor strain of "scareware" intended to frighten unsuspecting users into downloading fake antivirus software. That attack was surprisingly pedestrian, like taking a Formula One racecar for a slow ride around the block. Surely something bigger was coming.

But it never did. Why? Who created Conficker, and why bother if they were not going to use it?


From The New York Times
View Full Article



No entries found