Remember the Y2K virus?
All computers were slated to deconstruct, elevators would fail, electricity grids would go dark and bank accounts would be nullified.
Those were some of the theories floating around, at least. And when midnight arrived, only a few isolated incidents actually affected day-to-day operations.
The same can be said for the Conficker virus, which was rumored to launch a mass attack on April 1. Conficker, which began targeting Microsoft systems in late 2008, was to remain dormant until Wednesday, when it would check 50,000 hacker-created Web sites for updates.
The infected computer could then send out spam, infect other computers or just be a pain in the hard drive, depending on what a particular Web site instructed, according to Neal McCorkle, information security officer for the Office of Information Technology.
But this virus had roughly the same effect as Y2K — the day ended without the virus living up to its hype. In fact, it has hardly hit computers on campus, McCorkle said.
“We didn’t really see that much on campus,” he said. “It appears that because there was such heavy research into this, Trend Micro and Symantec, which are antivirus programs, knew what to look for in the virus and were able to remove it.”
Much of Conficker’s publicity was due to its well-crafted threats, according to Stan North Martin, director of outreach, communications and consulting for the Office of Information Technology.
Encrypted into the virus is the list of 50,000 sites from which to get updates, he said. So even when security professionals broke the encryption and targeted what sites they needed to block to prevent the virus from updating, the list was too long for them to block each site.
It’s a daunting task, since many viruses check one Web site for updates, McCorkle said.
“Most viruses, when they get on your computer, periodically get updates, just like from software,” McCorkle said. “They go out and contact a Web site, then they can do different things. This one actually had an incredibly large list of places to get updates from, so the virus would be on your computer and then, when the proper date came, it would go and contact the Web sites itself.”
In this way, even if security professionals blocked 200 Web sites on the list, McCorkle said the virus would still have 49,800 to choose from.
“Because it checks so many, if we shut down 10 Web sites, then it wouldn’t get something from those 10 but would get something from others. We couldn’t possibly stop all the Web sites at once,” McCorkle said.
When security officials find a virus, McCorkle said normal procedure is to find out what Web sites the virus will visit to get updates. But since Conficker’s list was so long, he said this process took many days.
“With 50,000 sites, that’s too many for security professionals to do that,” McCorkle said, adding that the task was even harder since the list was encrypted. “It really tried to hide what it was doing better than other viruses out there, and because it was so difficult to figure out, it interested the security professionals more than other viruses did.”
That didn’t stop OIT staff from monitoring antivirus programs for any sign of the virus on computers that connected to either NCSU Internet or the University servers, Martin said.
“Our security team has been monitoring this particular virus,” Martin said. “They had been making sure that we were prepared for it if something were to take place.”
Although he said reports of the virus have come in from students who live off campus, “it really has been very quiet. There has not been a lot of activity regarding Conficker.”
Up-to-date patches and antivirus software, he said, should block the virus, and they explain the absence of mass reports.
“It hasn’t lived up to what a lot of folks thought it would,” Martin said. “That doesn’t mean it couldn’t do something else.”