Tuesday, September 27, 2011

13

Mary: Warning, another TLTR post coming...

"A Root Name Server is a name server for the Domain Name System's root
zone. It directly answers requests for records in the root zone and
answers other requests returning a list of the designated authoritative
name servers for the appropriate top-level domain (TLD). The root name
servers are a critical part of the Internet because they are the first
step in translating (resolving) human readable host names into IP
addresses that are used in communication between Internet hosts."

13.

That's how many root name server addresses there are on the internet.
There are more than 13 actual computers, of course, but whenever you
type in a URL, the name is resolved through one of these 13 addresses.
Worldwide, 13 addresses.

Meanwhile...

Conficker is the most successful computer worm ever written. It targets
a vulnerability in a network service of the Windows operating system and
has accumulated a botnet of more than 12 million computers worldwide,
many in government and educational institutions. It has hit more than
200 countries.

Conficker uses many cutting-edge malware technologies and has proven to
be very difficult to eradicate. Nobody knows who wrote it, or who
controls it. It is highly sophisticated: An already-infected computer
exploits a Windows Server Service vulnerability on a target computer to
install software on it that then remotely loads a copy of the virus,
which is packaged in a .DLL file (Dynamic Link Library, a sort of
modular extension that can be linked and unlinked to an executable file,
and one of the worst inventions ever, a huge source of instability in
Windows - ever see a dialog box that said "xxxxxxxx DLL not found"?).
This DLL links itself to the executable file svchost.exe (another
variant attaches to explorer.exe). It's self-propagating and has a way
to evade the Windows defense of recopying DLLs at boot time: it creates
a copy of itself with a random filename in a random location on the
computer, then adds registry keys to have svchost.exe invoke the DLL as
an invisible network service (the Windows Registry - if possible, an
even worse idea than DLLs. It's basically a giant house of cards that
trusts all your apps to behave correctly and write their entries just so
with no policing - and bad behavior often results in a corrupt registry
and a trip to Best Buy...but I digress).
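The persistence trick described above (a DLL registered so that svchost.exe loads it as a service) leaves a trace in the registry: every svchost-hosted service names its DLL in a ServiceDll value. The following PowerShell is an added example, not code from the post or from any vendor tool; it is read-only and assumes it is run in an elevated session on the machine being checked. It lists svchost-hosted services whose ServiceDll points outside the Windows directory, is missing on disk, or carries no DisplayName, which are the cheap checks a defender would make first.

```powershell
# Added example (not from the original post): enumerate svchost-hosted services
# and flag ServiceDll entries that look out of place. Read-only; changes nothing.
# Assumes an elevated PowerShell session on the Windows machine being checked.

function Get-SuspiciousSvchostServiceDlls {
    $windir = [Environment]::GetFolderPath('Windows')
    $services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
    foreach ($svc in $services) {
        $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
        # Only services whose ImagePath is svchost.exe load a ServiceDll.
        if (-not $props.ImagePath -or $props.ImagePath -notmatch 'svchost\.exe') { continue }

        # ServiceDll normally lives under <service>\Parameters; a few keep it on the key itself.
        $dll = $null
        $paramPath = Join-Path $svc.PSPath 'Parameters'
        if (Test-Path $paramPath) {
            $dll = (Get-ItemProperty -Path $paramPath -ErrorAction SilentlyContinue).ServiceDll
        }
        if (-not $dll) { $dll = $props.ServiceDll }
        if (-not $dll) { continue }

        # Expand %SystemRoot%-style variables so the directory comparison is meaningful.
        $expanded = [Environment]::ExpandEnvironmentVariables($dll)

        $flags = @()
        if ($expanded -notlike "$windir\*") { $flags += 'DLL outside Windows directory' }
        if (-not (Test-Path -LiteralPath $expanded)) { $flags += 'DLL file missing on disk' }
        # Legitimate Windows services almost always carry a DisplayName.
        if (-not $props.DisplayName) { $flags += 'no DisplayName' }

        if ($flags.Count -gt 0) {
            [PSCustomObject]@{
                Service    = $svc.PSChildName
                ServiceDll = $expanded
                Start      = $props.Start      # 2 = automatic, 3 = manual, 4 = disabled
                Findings   = ($flags -join '; ')
            }
        }
    }
}

Get-SuspiciousSvchostServiceDlls | Format-Table -AutoSize
```

An empty result is not a clean bill of health, only the absence of this one pattern; a hit still needs the DLL itself examined before anything is removed.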

Conficker takes control of your computer, without you knowing about it,
and makes it part of the botnet. A botnet is just a bunch of PCs that
have been infected and obey commands sent by some secret hub. Because
all these computers can be used together, you can think of a botnet as a
single computer distributed across many homes and businesses. He who
controls a botnet has limitless power.

In a book about Conficker called "Worm", the author says that the botnet
this worm has created is the most powerful "computer" in the world, and
could issue a Denial of Service attack (that's where millions of
requests are made to a server, overwhelming its ability to respond and
hence shutting it down to traffic) so huge that the requests flooding
back to the DNS servers (those 13 logical addresses) would overwhelm
them and, well, shut the entire internet down.

Don't laugh, this isn't some Chicken Little thing, this really could
happen. How do I know? Because it has happened. Not via the Conficker
worm, but in another way.

When Michael Jackson died, the internet was flooded with traffic at a
level that it had never seen. This traffic shut down huge sections of
the net worldwide as the servers strained to handle the load. Even
mighty Google, which has one million servers online*, could no longer
process queries relating to MJ for large sections of the world. Smaller
systems like Twitter and TMZ, the news site that broke the story, just
collapsed. RNS upstream servers were way overloaded and performance
plummeted.

If an attack such as this were highly targeted and done on purpose, just
imagine what havoc could be unleashed.

Just to make sure you're clean, go here, Microsoft has a free checker in
case you have old virus scanning software: http://safety.live.com

There is another page that has detailed information about the worm:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fConficker

If you caught it, see a doctor and get rid of it.


* The actual number of servers Google uses is secret, but this estimate
is based on detailed calculations of bandwidth and data processing
capability. That is a huge number, but then Google processes an enormous
flow of traffic. For comparison, Facebook has 50,000 servers.
