A search is launched for Conficker's first victim.Byline: jeevan@cpidubai.com (Staff) Where did the Conficker worm come from? Researchers at the University of Michigan (body, education) University of Michigan - A large cosmopolitan university in the Midwest USA. Over 50000 students are enrolled at the University of Michigan's three campuses. The students come from 50 states and over 100 foreign countries. are trying to find out, using a vast network of Internet sensors to track down the so-called "patient zero" of an outbreak that has infected in·fect tr.v. in·fect·ed, in·fect·ing, in·fects 1. To contaminate with a pathogenic microorganism or agent. 2. To communicate a pathogen or disease to. 3. To invade and produce infection in. more than 10 million computers to date.<p>The university uses so-called Darknet sensors that were set up about six years ago to keep track of malicious activity. With funding from the U.S. Department of Homeland Security Noun 1. Department of Homeland Security - the federal department that administers all matters relating to homeland security Homeland Security executive department - a federal department in the executive branch of the government of the United States , computer scientists have banded together to share data collected from sensors around the world. <p>"The goal is to get close enough so you can actually start mapping out how the spread started," said Jon Oberheide, a University of Michigan graduate student who is working on the project.<p>But that's not an easy job. To find the minuscule minuscule Lowercase letters in calligraphy, in contrast to majuscule, or uppercase letters. Unlike majuscules, minuscules are not fully contained between two real or hypothetical lines; their stems can go above or below the line. clues that will identify the victim, researchers must sift through more than 50 terabytes of data to find the telltale signatures of a Conficker scan.<p>One of the ways that Conficker moves about is by scanning the network for other vulnerable computers, but it can be very difficult to spot it for certain, Oberheide said. "The hard thing is to find the exact Conficker scanning activity, because there is a lot of other scanning going on," he said.<p>Tracking down patient zero has been done, however. In 2005, researchers tracked the 2004 Witty wit·ty adj. wit·ti·er, wit·ti·est 1. Possessing or demonstrating wit in speech or writing; very clever and humorous. 2. worm's first victim, a U.S. military base, and even identified the European IP address used to launch the attack.<p>It's been years since anything as widespread as Conficker has surfaced, however, so there haven't been many chances to reproduce this effort.<p>When Conficker first appeared in October, researchers caught a break. Other worms had dodged this kind of analysis by blocking the Darknet IP addresses, but Conficker's authors didn't do that. "We were kind of surprised that it did this completely random scan and didn't blacklist (1) A list of e-mail addresses of known spammers. See spam, spam filter, Blacklist of Internet Advertisers, greylisting and blackholing. Contrast with white list. (2) A list of Web sites that are considered off limits or dangerous. our particular sensors," Oberheide said. "If they'd done a little bit of research, they could have discovered our [network]."<p>Soon after the Conficker outbreak, the Michigan researchers saw a big spike on their sensors, which they attributed to the worm. The network was collecting about 2GB of data per hour in November, but these days, it's closer to 8GB. "The increase in activity we've seen on these Darknet sensors isC* incredible," Oberheide said. "Now, this data is actually useful; we can go back six months and see what this worm was actually doing,".<p>Another group, the Cooperative Association for Internet Data Analysis The Cooperative Association for Internet Data Analysis (CAIDA (IPA: /ˈkeɪdə/)) is a collaborative undertaking among organizations in the commercial, government, and research sectors aimed at promoting greater , published a Conficker analysis earlier this month. The University of Michigan researchers hope to post a similar analysis of their data in the next few weeks, but it could be months before they narrow things down to patient zero.<p>In the meantime Adv. 1. in the meantime - during the intervening time; "meanwhile I will not think about the problem"; "meantime he was attentive to his other interests"; "in the meantime the police were notified" meantime, meanwhile , "the goal is to get close enough so you can actually start mapping out how the spread started," Oberheide said. Copyright 2009 IDG IDG International Data Group IDG Integrated Drive Generator IDG Installation Design Guide IDG Internet Discussion Group IDG Inset Dielectric Guide IDG International Dangerous Goods (mail, shipping) Middle East. All rights reserved. Provided by Syndigate.info an Albawaba.com company |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion