Conficker also had an ingenious way of communicating with its creators. Every day, the worm came up with 250 meaningless strings of letters and attached a top-level domain name - a .com, .net, .org, .info or .biz - to the end of each to create a series of internet addresses, or URLs. Then the worm contacted these URLs. The worm's creators knew what each day's URLs would be, so they could register any one of them as a website at any time and leave new instructions for the worm there.
It was a smart trick. The worm hunters would only ever spot the illicit address when the infected computers were making contact and the update was being downloaded - too late to do anything. For the next day's set of instructions, the creators would have a different list of 250 to work with. The security community had no way of keeping up.
They're probably not relying on the system BIOS clock. See Network Time Protocol.
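The scheme quoted above can be sketched from the defender's side. This is an added example, not part of the original thread and not Conficker's actual algorithm: it shows that a date-seeded generator gives the same 250 names to anyone who holds the algorithm and agrees on the date, so the day's list can be precomputed and matched against DNS logs. The SHA-256 generator, the seed value, the function names and the log format are all assumptions made for illustration.

```python
import hashlib
from datetime import date

TLDS = ["com", "net", "org", "info", "biz"]   # the five TLDs named in the quoted article
PER_DAY = 250                                  # daily list size named in the quoted article

def daily_domains(day, secret=b"constructed-demo-seed"):
    """Illustrative date-seeded generator (assumption: NOT the worm's real algorithm)."""
    names = []
    for i in range(PER_DAY):
        material = secret + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).digest()
        length = 8 + digest[0] % 4             # labels of 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[31] % len(TLDS)]}")
    return names

def flag_hosts(dns_log_lines, day):
    """Return {client_ip: sorted matched names} for queries that hit the day's list."""
    wanted = set(daily_domains(day))
    hits = {}
    for line in dns_log_lines:
        # Constructed log format: "<ISO date> <client ip> <queried name>"
        parts = line.split()
        if len(parts) != 3 or parts[0] != day.isoformat():
            continue
        name = parts[2].lower().rstrip(".")    # normalise case and trailing dot
        if name in wanted:
            hits.setdefault(parts[1], set()).add(name)
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    today = date(2009, 1, 15)                  # constructed sample date
    listed = daily_domains(today)
    sample_log = [                             # constructed sample log lines
        f"2009-01-15 192.0.2.10 {listed[0]}",
        f"2009-01-15 192.0.2.10 {listed[7].upper()}.",
        "2009-01-15 192.0.2.20 www.example.org",
        f"2009-01-16 192.0.2.30 {listed[3]}",  # yesterday's name, wrong day: ignored
    ]
    for ip, names in flag_hosts(sample_log, today).items():
        print(ip, len(names), "matches:", ", ".join(names))
```

A client whose clock disagrees with the defender's produces a different day's list, which is why the date source raised in the comment above matters to both sides.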
A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser.
Big deal, you say? I can just uninstall the add-on via Firefox's handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the "uninstall" button on the extension. What's more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up.