
Conficker's April Fools Fizzled, But Threat Remains

Security experts selling weapons to ward off the dreaded Conficker warned anyone who would listen that April 1 could be a day of destruction, as millions of infected machines started phoning home for malicious software updates. Of course, not only was April Fool's Day a non-event for Conficker, but now comes news that there are far fewer than millions of systems infected with this version of the worm.

Earlier in the week Security Fix reported that only six percent of the world's Conficker-infected systems are in North America, let alone the United States. On Thursday, the researchers who brought us that news - from Atlanta-based Internet Security Systems - published their best guess of how many Windows systems are infected with Conficker.C, the only version of the worm that instructs computers to search the Internet and private P2P networks for updates after April 1.

ISS's Holly Stewart writes that the company has tracked about a quarter of a million unique systems infected with Conficker.C since March 26. Stewart notes those figures are conservative, given that ISS can't see all of the Internet addresses in the world. ISS further estimates that the network traffic generated by Conficker.C systems seeking updates online represents about four percent of the malicious traffic generated by malware daily around the globe.

But whatever the number of infected machines, I think one important aspect of this and other date-based threats like Conficker is in danger of being overlooked amid all the I-told-you-sos and the nothing-to-see-here-move-along type sentiments.

In one sense, the response to Conficker could be compared to that of Y2K: A great many smart people threw a whole lot of resources and energy at a fairly complex problem and managed to turn a potentially very ugly situation into a relative non-event.

The same thing could be said of the response to this worm by the "Conficker Cabal," a group of security experts, anti-virus vendors, policymakers and private researchers who teamed together with dozens of governments to blunt this threat.

One explanation for why Conficker was such a non-event may be that the louder a piece of malware is, the more it is going to draw the attention and resistance of the anti-virus community and security researchers. Lawrence Baldwin, founder of Atlanta-based security consultancy myNetWatchman, puts it more eloquently:

"Anti-virus products basically suck, with one exception: If the threat is on CNN, you can be sure they have a signature to detect it, because if your product doesn't detect something that's on CNN, you're screwed," Baldwin said. "With a worm like this that's so mysterious and successful, it's almost a self-correcting system, because suddenly everyone is going to focus all of their attention on fighting it."

One problem with over-hyped threats that fail to live up to expectations (as they invariably do) is that they tend to desensitize the average user to more insidious, stealthier threats, Baldwin said.

"The problem is that Conficker is one of a million other active threats, and most of the rest are taking a much more stealthy approach," Baldwin said. "Yes, threats like Conficker can grow to a high enough visibility level that it potentially puts us in a position to educate the masses, but by that very same event those threats soon become irrelevant because so much visibility is created around them to mitigate them."

All of that said, the truth is that the threat from Conficker is as real today as it was three days ago on April 1: The worm's author(s) could easily decide to wait until everyone's guard is down to instruct all infected systems to update themselves with additional malicious components, or to attack some target online or start blasting spam.


If you haven't checked, or are still concerned that your Microsoft Windows system may be infected with this worm, the Conficker Working Group has produced a clever Conficker Eye Chart that should help you figure that out. My colleague Rob Pegoraro has put together a primer with resources to help users whose systems may have been sickened with this worm.

By Brian Krebs  |  April 3, 2009; 9:26 AM ET
Categories:  From the Bunker , Latest Warnings  | Tags: conficker worm, dud, hype, lawrence baldwin  

Comments

Oh, dear ... such backtracking and waffling ... Such conflicting (confickering) revisionism.

Is the doomer meme receding? Does this bring back painful and embarrassing memories of the Y2K buffoonery?

Debunking the doomer meme is like shooting fish in a barrel :)

Posted by: db16 | April 3, 2009 9:57 AM | Report abuse

Regardless of what did or did not occur on April 1, 2009, the fact that millions of computers have unsolicited software installed by an unknown party is troubling. Continued vigilance as well as public awareness initiatives by IT security professionals are clearly warranted.

Suggestion: let us (IT professionals, hobbyists and users) create a weekly or monthly computer security and patch awareness day. Make this a positive and pro-active period of time where the general public looks at their computers or computing habits in order to update software, install anti-virus tools, lock down their personal wireless networks, etc.

Posted by: CB12 | April 3, 2009 11:55 AM | Report abuse

@db16
y2k buffoonery? Not hardly. The problem was real. But, thanks to lots of work by lots of people, the problem was averted. There were a few glitches here and there. But for the most part the investments paid off.

Posted by: wiredog | April 3, 2009 1:11 PM | Report abuse

Response to wiredog :
y2k was never a serious problem. Its importance was blown up by companies who stood to make a lot of money by providing services to avoid the "problem". I was working for one of those companies.
Let me emphasize that I do not mean to imply that the y2k situation was completely harmless, just that it was nowhere near as potent as it was made out to be.

Posted by: observer31 | April 3, 2009 3:22 PM | Report abuse

Re Y2K ... Da fact 'o' da matta is that organizations that did NOTHING to prepare for The Great Century Date Change (Y2K) came out just as well as those that expended mega-bucks and mega-resources ... Nothing really happened at all. A "few glitches"? Shoot, a "few glitches" happen every day, big whup. Y2K WAS INNOCUOUS.

Re Conficker Worm ... SEE ABOVE -- i.e., Same Old Same Old. Merely the Doomer Meme, re-inventing itself.

Posted by: db16 | April 3, 2009 4:02 PM | Report abuse

Y2K was not a "Century Date Change". The century, and the millennium, changed on January 1, 2001.

Posted by: ABHFGTY | April 6, 2009 9:45 PM | Report abuse

@ABHFGTY: So much for THAT lame attempt at Y2K revisionism, LOL ...


Remarks by Chairman Alan Greenspan
Before the President's Council on Year 2000 Conversion, Financial Sector Group, Year 2000 Summit, Washington, D.C.
September 17, 1999


Good morning, everyone. It's an honor to speak today to such an esteemed group. All of you are experts on the implications of the Century Date Change for our sector of the economy, and I suspect I will not have much to add beyond what already is well known. We face an exceptionally complex problem that has required and will continue to require the commitment of significant amounts of resources to fix. The good news is that evidence is becoming more persuasive that our electronic infrastructure will be ready for the Century Date Change. The public's understanding of the degree of our Y2K readiness also has grown, and fears of widespread disruptions around the CDC appear to be waning, though we are not as yet home free.

There is nothing exactly like the Century Date Change in our historical annals from which we can infer its potential consequences. Nonetheless, it is the beginning of wisdom in thinking about the Y2K problem to recognize that failures and breakdowns in mechanical and electronic systems are a normal part of our everyday life...

o
o
o


READ ALLA 'BOUT IT: http://www.federalreserve.gov/boarddocs/speeches/1999/19990917.htm

Posted by: db16 | April 7, 2009 7:07 AM | Report abuse

Conficker is a marketing concept produced by security software giants and Microsoft to sell more product.

Posted by: BMACattack | April 8, 2009 1:19 AM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company