
Gray Hat declassified: United States manufactured virus to frame Chinese hackers


  Recently, the "US-China Economic and Security Assessment Board" submitted a report to the United States Congress saying that Chinese military hackers had interfered with United States satellite systems.

  Elliptic, a core member of the Gray Hat security laboratory, disclosed on the lab's website that the Committee had not provided any evidence. In 2009, Elliptic worked with Microsoft to track the Conficker virus, which was capable of paralyzing the Internet. Like the alleged interference with United States satellites, the virus was once considered to be controlled by "Chinese hackers". Through technical analysis, Elliptic showed that the virus's controllers were closely connected to a United States cryptography research institution. For unknown reasons, however, Microsoft and the Ministry of Justice could not continue, and the investigation was hastily dropped. People have to wonder: the background of the Conficker virus may be extraordinary!

  The mystery of the Conficker virus raging worldwide

  It is understood that Conficker is a milestone virus. It has infected millions of computers worldwide, and several security companies called it "history's most powerful network attack" and published a joint early warning. The virus raged across the world from the end of 2008 to the beginning of April 2009, in five variants (A, B, C, D and E). At one point it forced France's Navy warplanes to be grounded and broke into the United Kingdom Parliament, causing a public stir. Microsoft assessed that it was capable of launching "the strongest security attack" in history and paralyzing the Internet. Given the urgency, in February 2009 Microsoft brought together a number of security companies to deal with it jointly, but to little effect.

  Unlike most malicious viruses, the Conficker worm was very "light touch" early on. This set it apart from other kinds of worms, and Microsoft security researchers jokingly called it a "Don't expect, Don't expect Lee" "model" worm. But at the end of March there was a dramatic change: analysis of the Conficker.C code indicated that an instruction to launch a global attack would break out on April 1, which caused great shock in the network security industry. Security vendors released security alerts.

  Surprisingly, the April 1 April Fools' Day attack never came; the real April Fool was the national security agency. Subsequently, after several automatic updates, Conficker remained "moderate" as always, eventually stopped propagating automatically, and mysteriously vanished.

  Vulnerabilities expose the virus writers' tracks

  Elliptic, a core member of the Gray Hat security laboratory, began researching the Conficker worm in early 2009, and in March noted an important clue about the Conficker virus. He found that the virus used the latest United States cryptographic algorithm, and that the vulnerabilities exposed early in that algorithm were repaired in the virus's updates faster than in the official code, using the same repair method. It would appear that some United States institution is closely associated with the virus writers.

  Here is how it went. In June 2008, the well-known United States cryptographer Ronald L. Rivest published the latest hash algorithm, MD6, and this algorithm was soon added to the Conficker virus code. But the early published MD6 code contained 4 buffer vulnerabilities, and this vulnerable code was added to the Conficker B variant of the virus.

  On February 21, 2009, the MD6 vulnerability was fixed and made public. But Elliptic noted that as early as February 20, one day before, the Conficker C variant had already fixed this loophole, and that its fix code was the same as the official repair code. The sample times of the virus variants can be found in information Microsoft has access to.

  Elliptic reported the situation to Microsoft. According to his analysis, there are two possibilities. One possibility is that the Conficker virus author is a member of the MIT MD6 research group; only 1-2 people should have had contact with the MD6 buffer vulnerabilities, so this would be easy to investigate. The other possibility is that an attacker broke into a computer in the MIT MD6 project that held the vulnerability information and fix code, and used them ahead of the release; of course, this possibility is very low. Even so, tracking the attacker from the MD6 research group's computers would not be difficult. The Conficker virus has also stopped spreading and updating.