This editorial will appear in tomorrow’s print edition.
You want spooky? Here’s spooky.
Every computer geek in the world knows this already, but non-geeks ought to be aware of the worm called Conficker. This rogue software has infected computers throughout the world by exploiting a chink in Microsoft’s Windows operating system. Computer security experts don’t know who devised it or what it does – other than replicate itself relentlessly on unprotected machines.
Each infected machine has become what is called a "zombie" – a computer that can be secretly controlled through the worm. All of these machines are networked, potentially empowering Conficker’s controllers to make them all work in tandem to wreak some kind of international havoc.
What kind of havoc is anyone’s guess. Many believed Conficker would spring its tricks on April Fool’s day, but it didn’t. Some fear it might suddenly erupt with a tsunami of spam – but that’s just speculation.
What Conficker has mainly done is lurk, like a sleeper agent, on untold millions of computers.
There’s some good news. Microsoft, cybersecurity agencies and industry groups have joined forces against the worm in what The New York Times calls a "highly unusual collaboration." The Conficker Working Group’s Web site (confickerworkinggroup.org) offers an easy detection method and directions to downloads that will disinfect a computer.
The group’s expertise is required, because Conficker is an ultra-sophisticated code that combines multiple means of techniques of attack and defense. Its authors may well be high-end computer scientists; they are so good that some speculate the involvement of a rogue government.
After the worm was initially discovered last November, its controllers waged guerrilla war against those who were trying to eradicate it, adapting Conficker to counter the anti-malware counteroffensive. Kind of like a real virus mutates to bypass the body’s immune system.
Conficker has penetrated key computer systems and forced emergency measures. An infection of the French naval network led to the grounding of some aircraft last winter. But if it is a time bomb, it hasn’t exploded so far. Its creators may be lying low to avoid detection by the various investigative agencies hunting for them.
Conficker is an excellent argument for keeping cybersecurity efforts well-funded. This particular worm may not wind up causing massive damage, but it shows that – despite all the efforts to stop them – malicious and brilliant hackers can still mount a major threat to the world’s digital infrastructure.
On the Web