Tuesday, March 31, 2009

Is Conficker an April Fools Joke?

Update 4/9/2009: Obviously, the Internet didn't melt down, but some of the information security people around were waiting for the other shoe to drop. According to this article, Conficker has woken up, and started moving files. We're still looking.


Original Post:

If you've been paying attention to media, you've probably heard about the Conficker worm. It really is a big thing, and has been a problem to corporate IT staffs since last October.

If you're a home user, there's not much you can do about it, except make sure your virus signatures are up to date, and run a virus scan.

If you would like a quick sanity check to see if you have Conficker, click on one of these two links:
Symantec, or F-Secure.

You should see Symantec and F-Secure, two network security companies. If you had the Conficker worm, you'd get something else, and should immediately run a full security scan.

The reason it's come up now to the mass media is that researchers have found a reference to April 1 in the Conficker code, and they're not sure what it does. Conficker might wake up and do something, and it also might be part of a bigger event, so we're keeping alert.

You can find lots more about it at the Honeynet project and SANS (extreme technical content on these sites).

Perry

Sunday, March 22, 2009

What's the benefit of signing my email?

My brother, Pete, asked a great question when I used a digital signature to sign a message to him: "So what's the benefit of signing? Is it something I could/would/should do frequently?"

He's referring to using a Digital Signature to electronically "sign" an email message. The digital certificate is impossible to forge, and proves that the message was really sent by the person who claimed to send the message.

When people habitually use these signatures, it prevents someone else (like a spammer, or worse) from impersonating them.

In this case, I signed my message to him, which sent both my digital certificate and a code at the end of the message. This code was created by mathematically processing all the contents of the message and the certificate. The email program on his end compared the code to the contents of the message, and the certificate, and found that they matched. It also checked the certificate against the signature of the company that issued the certificate, to be sure the certificate itself wasn't forged. This meant that not even one letter in the message was changed between my computer and his.
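The sign-and-verify steps described above can be reproduced with the openssl command line standing in for the mail program. This is an added example, not part of the original post; the names and message text are constructed, and a throwaway self-signed certificate stands in for one issued by a certificate company.

```shell
#!/bin/sh
# Added example: sign, verify and tamper-check a message with the openssl CLI.
# Names and message text are constructed for this demo.

# Create a throwaway key and self-signed certificate in directory $1.
# A real mail certificate is issued by a CA; here the cert is its own issuer.
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=$2" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Sign plain-text file $2 with the identity in $1, writing S/MIME mail to $3.
sign_message() {
  openssl smime -sign -text -in "$2" \
    -signer "$1/cert.pem" -inkey "$1/key.pem" -out "$3" 2>/dev/null
}

# Verify S/MIME file $2, trusting only the issuer certificate $1.
# Exit status 0 means the content hash matches the signature AND the
# signer's certificate chains to the trusted issuer.
verify_message() {
  openssl smime -verify -text -in "$2" -CAfile "$1" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) || return 1
  mkdir "$d/sender" "$d/other"
  make_identity "$d/sender" "Demo Sender" || return 1
  make_identity "$d/other" "Unrelated Issuer" || return 1
  printf 'Lunch is at noon on Friday.\n' > "$d/msg.txt"
  sign_message "$d/sender" "$d/msg.txt" "$d/signed.eml" || return 1
  # Change one word of the clear-text body; the signature blob is untouched.
  sed 's/at noon/at nine/' "$d/signed.eml" > "$d/tampered.eml"

  verify_message "$d/sender/cert.pem" "$d/signed.eml"   && echo "original: valid"
  verify_message "$d/sender/cert.pem" "$d/tampered.eml" || echo "tampered: rejected"
  verify_message "$d/other/cert.pem"  "$d/signed.eml"   || echo "unknown issuer: rejected"
  rm -rf "$d"
}
demo
```

The third check is the issuer comparison: the signature itself is intact, but verification still fails because the signer's certificate does not chain to anything the verifier trusts.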

If Pete then saved my signing certificate into his email program, he could also encrypt the messages he sent to me, and no one could read them except me.

Pete also has a "confidentiality notice" on his email - legalese saying that misdirected mail should be deleted. Lots of people use these; my work recommends this sometimes, too. If people encrypted all their confidential information, they wouldn't need the notice: misdirected mail would be unreadable by any unintended recipients.

Signed and encrypted messages are widespread in the DoD and somewhat in the geek community.

In fact, messages containing attachments or links won't even go through the US Air Force mail system unless they're signed. Yes, this is a pain in the neck when we work with external organizations who don't have digital certificates.

I used Comodo for my free certificate at home, in Mozilla Thunderbird.

Apparently it's only valid for a year - I had forgotten that (oh look, good until 5/24/2009) - I'll be interested to see what happens on May 30 - I think it'll die and I have to get another one. I'll pay for it then, I think.

The fact that Pete is pretty savvy in computers, and digital certificates are wildly useful to prevent identity theft, shows the problem.

Digital certificates are not in widespread enough use to make a difference right now. Why? That's another post.

Maybe someday.

Perry