Gizmodo: worm
http://gizmodo.com/tag/worm

Conficker Worm Claims High Profile Victim: University of Utah

More than 700 med school computers at the University of Utah have fallen victim to the infamous Conficker worm. Gizmodo, we swear, had absolutely nothing to do with it. [AP via CNET]

11th-Hour Fix May Protect Huge Corporate Networks From Conficker Worm's Nastiness

Zero-hour approaches for the awakening of the Conficker megaworm. As we explained, Conficker can evade detection like none before it. But security experts have released a scanner that may save your IT professional's sanity tomorrow.

Security expert Dan Kaminsky, working with the Honeynet Project's Tillmann Werner and Felix Leder, has discovered an easier way to detect if a machine on a network is infected by Conficker. Dan writes:

What we've found is pretty cool: Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously, and very, very quickly. You can literally ask a server if it's infected with Conficker, and it will tell you.

The code, just released today, is quickly finding its way into the scanners of all the major security software companies, and will hopefully prevent the worldwide holocaust/Russian Lolcat invasion tomorrow. We'll see! [Doxpara Research via Ars Technica]

Giz Explains: How a Brainy Worm Might Jack the World's PCs on April 1

It's lurking in millions of PCs around the world. It's incredibly sophisticated and resilient, with built-in p2p and digital code-signing technology. It revels in killing security software. On April 1, the Conficker worm will activate.

The scariest thing about the Conficker worm is that literally millions of infected Windows PCs could be linked together to do its bidding. The second scariest thing is that no one really knows what its creator is going to do with this virtual army on April 1, when it's scheduled to contact a server for instructions. It's so bad, Microsoft has a running $250,000 bounty for the author, dead or alive. (Well, they probably want him alive, but they hate his guts.)

The New York Times' John Markoff rounded up some of the more ingeniously evil possibilities in a compelling article, the most sinister being a "Dark Google," postulated by University of California at San Diego researcher Stefan Savage, that would let bad people scour zombie machines all around the world for data to sell to other bad people.

But let's back up a bit. Conficker—whose weird name is a combination of "configuration" and a slightly more polite word for f***er, according to Urban Dictionary—actually began life as a lowly, "not very successful" worm in November, says Vincent Weafer, VP at Symantec Security Response. Weafer told us it exploited a Microsoft remote server vulnerability that had already been announced and patched the previous month, so the only systems that were vulnerable were the ones that weren't up to date.

The B release, pushed in December, on the other hand, was "wildly successful," says Weafer, infecting millions of unpatched computers because it's an aggressive little bastard—the first worm in years on a scale like Blaster. It has built-in p2p capabilities, and brute forces its way into open shared folders or printers, so it can crawl an office network quickly. It also piggybacks onto USB flash and hard drives. On top of all that, it's designed to be incredibly resilient, killing security software, disabling Windows Update, and digging down deep.

The C release came out this past month. It doesn't go after new machines—it's actually a payload for computers already infected with B. It transformed Conficker from a sneezing pandemic into a seriously nasty plague. With C, its p2p powers are extended further, with digital code-signing, so it only accepts trusted code updates from itself. That means security experts can't simply inject code to neutralize it. The patch also made Conficker better at killing security software. And it expanded the scope of the domains it tries to contact for instructions from 250 to 50,000, completely neutralizing security experts' previous tactic of seizing the domains. There's effectively no way to cut the head off of this demon snake. The stage is set: On April 1, Conficker will reach out for the millions-strong zombienet's next set of instructions.

So what will happen? Well, no one knows for sure. Conficker's creator can do whatever he wants with his army. Launch massive denial-of-service attacks, set up the "Dark Google" syndicate, target millions of new machines, or generate a tidal wave of spam that'll crash against servers all over the world.

Most likely though, Weafer told us, Conficker's creator is motivated by money—they'll rent it out. And if Conficker's used as a massive doomsday tool, they'll "quickly lose the ability to make money" with it. A low key operation harnessing the power of computers that are mainly located in developing nations may not have a big impact, though it would certainly set a terrible precedent: Whatever Conficker's results, they will lead others to develop this idea in frightening new directions.

Conficker's innovative approach that utilizes p2p, code-signing and a distributed domain setup will very possibly serve as inspiration to other malware writers, who Weafer said "you can bet" are watching Conficker's success very closely, just as Conficker's creators have clearly learned from past malware. It's like evil open source.

That doesn't mean April 1 will be a "digital Pearl Harbor." If your machine is patched and up to date, the Microsoft Report's Ed Bott tells us, you'll probably be totally fine. And yes, you can get rid of it if you happen to be infected. There is an outside chance Conficker could turn into a massive parallel computer that borders on self-aware, come April 1, but more than likely, the day will come and go without you noticing anything weird, just some extra spam in your box for some V@ltr3xxx.

Still something you wanna know? Send any questions about worms, V14GRA, or Jason Chen's pants to tips@gizmodo.com, with "Giz Explains" in the subject line.

Microsoft and Cybersecurity Superfriends Offer $250k for Conficker Worm Maker

Microsoft is offering a $250,000 bounty for the Conficker worm's designer. Microsoft isn't alone in this hunt for the writer of the biggest PC worm in recent history.

They've got a team of superfriends involved with the hunt:

Symantec, F-Secure, VeriSign, Afilias, Internet Systems Consortium (ISC), and the Shadowserver Foundation.

The worm itself is dangerous, although it hasn't done any real damage yet. It has infected 15m PCs so far, setting them up for a yet-to-come malicious payload.

Two hard questions come to mind. Why can't the FBI handle this? And wouldn't that money be better spent on PSAs informing users to install the available patch for the vulnerability? Then again, I suppose that they're sending a message to all hackers. Microsoft will buy off your friends, and at least one of them will sell you out. That, and Microsoft is scared of you. [Yahoo via BBG]

SanDisk WORM Write-Once SD Cards Can't Be Altered, Last 100 Years

SanDisk has created the first write-once SD memory card after over a year of talking about it. The WORM (Write Once Read Many) cards cannot be altered or deleted and are designed for information that must be kept intact, such as electronic voting records and police work. They are only 128MB for now, but bigger sizes will likely show by the end of the year. SanDisk claims that the stored information will last 100 years, so if McCain is elected president, you'll have something to send your great grandchildren in Iraq. Pricing available upon request—yikes!—press release down below.

New SanDisk SD Cards Retain Data For As Long As 100 Years;
Once Recorded, Files Can’t Be Altered Or Deleted

MILPITAS, CALIFORNIA, July 15, 2008 – SanDisk Corporation (NASDAQ: SNDK) today introduced the SanDisk® SD™ WORM card, a Write Once Read Many (WORM) digital memory card intended for professional uses such as police investigations, court testimony, electronic voting and other applications where data files must be protected from alteration or deletion.

Analog recording media such as film and audio tape are rapidly becoming obsolete, driving demand for a solution suitable for today’s digital devices. But conventional rewritable memory cards do not meet legal requirements to prevent data tampering.

Digital data written to SanDisk SD WORM cards is effectively locked as soon as it is recorded; there is no physical way to alter or delete individual recorded files. Yet viewing the data is simple, because the cards are readable in any standard SD slot attached to a computer or other SD-compatible device.

SanDisk SD WORM cards also offer 100-year archive life, when kept under appropriate storage conditions.

Applications for the SanDisk SD WORM card include:

* Police photography and witness/suspect interviews, where courts require proof that photos and audio recordings are genuine.
* Court proceedings, such as trials and depositions.
* Electronic voting, where recorded votes must be tamper-proof.
* Cash registers which record transactions for tax collection purposes.
* Event recorders, such as security cameras and “black box” flight-data recorders.
* Medical devices which retain individual patient treatment data.
* Personal digital assistants (PDAs) and similar devices used by physicians and other health-care professionals to track patient interactions.

“As digital media volume has grown and surpassed traditional analog media such as film and audio cassettes in the consumer market, law enforcement agencies and other professionals are facing rising costs and lack of supply,” said Christopher Moore, director of product marketing for OEM memory cards at SanDisk. “SanDisk’s new SD WORM cards offer professionals a one-stop solution for capturing and archiving critical data, along with many other benefits of moving from analog to digital.”

For example, the benefits for photography in these applications include eliminating the expense and delay of film processing, as well as subsequent scanning of negatives into digital files. With voice, in-field recorders become more reliable because they no longer have moving parts, and there are no more tapes that can tangle or break. SanDisk SD WORM cards also open up the possibility of unified storage, with all case data – text, photos, voice recording, etc. – stored on a single durable card that can be easily shared.

SanDisk is now partnering with manufacturers of cameras, digital voice recorders, medical equipment, electronic cash registers and other digital devices to add the firmware required for recording to SanDisk SD WORM cards. SanDisk is also working with the SD Card Association for approval of this new specification as an industry standard.

In addition, third-party resellers of SanDisk SD WORM cards can develop security enhancements for the cards, such as password protection and encryption. One enhancement now under development for the cards is the addition of TrustedFlash™ security technology developed by SanDisk that securely stores sensitive digital data and applications on digital media.

Pricing and Availability

SanDisk SD WORM cards are available now worldwide in 128-megabyte capacity and are expected to be available in higher capacities later in the year. Pricing is available on request.

[SanDisk]

IBM Says Storm Worm Creators Making Millions, Daily

The cunning masterminds behind the Storm worm are apparently rolling in great wealth. The boffins at IBM estimate the worm is netting just under $2 million per day for its creators. The Storm worm's financial success comes from the fact that it has successfully created a massive collection of autonomously running computers, a.k.a. a botnet, which can be used to launch profitable spam attacks.

The sheer volume of spam that can be sent by harnessing the full power of the Storm worm is much greater than anything before. Due to this fact, the money that is generated from spamming, as well as from business deals that are a result of said spam, is thought to be in the area of millions of dollars per day. Clearly, we're in the wrong business. [Personal Computer World]

World's Biggest Supercomputer is a Virus?

The Storm Worm Botnet currently infects between one and ten million computers worldwide, which means that it has access to a huge amount of processing power and somewhere between 1 and 10 petabytes of RAM. This apparently makes it one of the most powerful computers in the world, with more computing power than the ten fastest supercomputers in the world combined.

These interesting but admittedly vague and flaky estimates come from computer scientist Peter Gutmann. Although you can pick at the numbers quite easily, the guy makes a very interesting point. While projects like Seti@Home can harness a lot of computing power, a virus or worm that doesn't need to ask permission from a user could conceivably be vastly more powerful. Imagine the potential if virus writers found more interesting things to do with those cycles than send spam.

Will the first person to find extraterrestrial signals be an amateur hacker, rather than Seti? Could complex protein folding solutions be found by bored crackers? And would the benevolent act of finding a cure for a genetic illness outweigh the malevolent act of creating the worm that rounded up the processing cycles needed to do it? [Uber Review]
