Late yesterday, members of the Internet Information Security Consortium (I2SecC) working in conjunction with a cadre of white-hat hackers from around the globe were able to identify the purpose of the Conficker worm, which has been able to infect a large number of unprotected computers. Starting today, April 1, this network of compromised hosts will begin a massive denial-of-service attack on Web sites that do not pass validation as being fully standards compliant.
In order to ensure you do not fall victim to the worm’s botnet, I2SecC recommends immediate validation of the markup and supporting stylesheets for any Web site that you maintain and correcting any errors that are uncovered. As yet, it is unclear whether the worm will target sites that make use of non-standard DOM scripting; however, a message found by I2SecC researchers in an online forum believed to be from the worm’s creator or a close associate hints that it will: “your document.all are belong to us.”
- #1 On April 1st, 2009 2:16 am