Conflicker's Orgins...No Wolverwine (spoiler alert)
April 1, 2009
A search is launched for Conficker’s first victim. Where did the Conficker worm come from? Researchers at the University of Michigan are trying to find out, using a vast network of Internet sensors to track down the so-called “patient zero” of an outbreak that has infected more than 10 million computers to date. The university uses so-called Darknet sensors that were set up about six years ago to keep track of malicious activity. With funding from the U.S. Department of Homeland Security, computer scientists have banded together to share data collected from sensors around the world. ”The goal is to get close enough so you can actually start mapping out how the spread started,” said a University of Michigan graduate student who is working on the project. But that is not an easy job. To find the minuscule clues that will identify the victim, researchers must sift through more than 50 terabytes of data to find the telltale signatures of a Conficker scan. One of the ways that Conficker moves about is by scanning the network for other vulnerable computers, but it can be very difficult to spot it for certain, the graduate student said. “The hard thing is to find the exact Conficker scanning activity, because there is a lot of other scanning going on,” he said.
A search is launched for Conficker’s first victim. Where did the Conficker worm come from? Researchers at the University of Michigan are trying to find out, using a vast network of Internet sensors to track down the so-called “patient zero” of an outbreak that has infected more than 10 million computers to date. The university uses so-called Darknet sensors that were set up about six years ago to keep track of malicious activity. With funding from the U.S. Department of Homeland Security, computer scientists have banded together to share data collected from sensors around the world. ”The goal is to get close enough so you can actually start mapping out how the spread started,” said a University of Michigan graduate student who is working on the project. But that is not an easy job. To find the minuscule clues that will identify the victim, researchers must sift through more than 50 terabytes of data to find the telltale signatures of a Conficker scan. One of the ways that Conficker moves about is by scanning the network for other vulnerable computers, but it can be very difficult to spot it for certain, the graduate student said. “The hard thing is to find the exact Conficker scanning activity, because there is a lot of other scanning going on,” he said.
posted by arkietechs at 8:40 AM
0 Comments:
Post a Comment
<< Home