Conficker: Did all The Hype Help?

By Sean Michael Kerner
April 2, 2009

Conficker worm timebomb
Conficker -- the malicious worm expected to activate today -- did not cause widespread computer meltdowns around the globe.

But considering that Microsoft patched the flaw five months ago, it's not clear why Conficker ever became a concern to begin with.

So why was it an issue -- and will it be an issue again?

The rise of Conficker, as an event and as a media phenomenon, has as much to do with user inaction as it does with the actual threat posed by the worm itself. The Conficker worm is proof positive of the fact that despite security updates and media reports, users can be the weak link in the security ecosystem unless motivated to action.

"Unfortunately the majority of the work that we are doing now is unnecessary if we had reacted quicker in the first place, patching immediately after the fix was released," Wolfgang Kandek, Qualys's CTO, told InternetNews.com. "The delay in applying the patch has lead to this widespread problem with millions of machines infected, and is something that we, the industry and the users, have to address."

Fortunately, while many users didn't patch for Conficker early on, all the media hype surrounding the April 1 activation date may have had a positive impact on mitigating risk.

"It doesn't look like anything will happen today," Matt Watchinski, senior director of the vulnerability research team at IPS (define) vendor SourceFire, told InternetNews.com. "That doesn't mean nothing won't happen tomorrow. Since there is so much information out there about detecting Conficker, scanning for Conficker, etc., I'd say the hype around April 1st had some positive impact on decreasing the number of infected nodes. Even if it was a so-called 'bust.'"

SourceFire is the commercial vendor behind the popular, open source SNORT IPS. SNORT is used to detect and intercept malicious traffic, and it can be used to identify Conficker-related traffic. Networking giant Cisco also told InternetNews.com that it was using its own IPS tools to help identify and protect against any Conficker-related activities.

Domain registry vendors also stepped up to help in curbing the risks of Conficker. The worm uses the domain name system as part of its command-and-control network, but top-level domain (TLD) operator Afilias told InternetNews.com that it had fought back by blocking some 300,000 domain names to date.

The worm, and the reaction to it, has offered some lessons for the industry, according to Afilias, a member of the Conficker Working Group -- a group of TLD operators, industry leaders like Microsoft and ICANN, and security researchers.

"Conficker has continued to evolve since it was first identified," Heather Read, senior director for communications at Afilias, told InternetNews.com. "We believe this is the first worm of this scale targeting domain names in such a public and massive way."

"The response of registry providers and country code domain administrators has been overwhelming and proves the responsiveness of the Conficker Working Group," she added. "The industry should begin thinking ahead to how to better coordinate to respond to Conficker-like attacks."

While technology like IPS and the efforts of domain registries are positive themes in the Conficker storyline, the reality is that Conficker -- though it's yet to prove to be a doomsday worm -- still exists and likely will for some time to come.

After all, older worms that have long since faded from the headline still persist.

"We still get IDS/IPS events for SQL Slammer, which is more than five years old at this point," SourceFire's Watchinski said. "If that's any indication, I'm assuming Conficker won't be stamped out completely for a long, long time."

This article was first published on InternetNews.com.

Comments

Post a Comment

Popular posts from this blog

Hello Kitty: The Funny, The Weird, And The Horrifying

Image
Source: Hello Kitty: The Funny, The Weird, And The Horrifying Thanks to the marketing skills of Japanese company Sanrio, Hello Kitty’s cute-cat character has been going strong for 35 years and has become an internationally-recognized brand. One of the most diverse and unpredictable places in the entire universe, the world of Hello Kitty encompasses a vast collection of strange products that dazzle the mind and serve as material for an extensive list of noteworthy weirdness. Since there are thousands of Hello Kitty products in just about every category imaginable, it’s difficult to find the weirdest of the weird. Furthermore, many Hello Kitty pictures floating around the Internet are actually photoshopped fakes, so it takes some time to figure out what’s real and what’s not. Still, I managed to scrape together this list of examples that appear to be legitimate products. So, hold on to your seats and get ready to be entertained, disturbed, and maybe even sexually abused
Read more

The Most Enlightening Speech: What's Better Than...

Manila, Philippines -- This speech was delivered during the commencement exercises of the UP* graduating class of 2003 by Mr. Butch Jimenez, the youngest commencement speaker in the university's history. He once dreamed of doing so, and it came true!!! :-) Students wished they had a pencil or paper to jot down notes during the speech; some even wished they had a tape recorder. Some members of the faculty found his speech practical, refreshing, and funny! * UP = University of the Philippines Butch Jimenez, head of PLDT's media and strategic communications department, delivered this speech at the UP Diliman Class 2003 commencement exercise. ---------------------------------------------------------------------- What's better than...? By Butch Jimenez Better than being negative As college students, you're just about to set sail into the real world. As you prepare for the battleground of life, you'll hear many speeches, read tons of books and get miles of advice telling
Read more

Dr Lee Wei Ling - Why I choose to remain single

Sun, Apr 05, 2009 - The Straits Times My parents have a loving relationship, but I knew I could not live my life around a husband By Lee Wei Ling My father became prime minister in 1959, when I was just four years old. Inevitably, most people know me as Lee Kuan Yew’s daughter. My every move, every word, is scrutinised and sometimes subject to criticism. One friend said I lived in a glass house. After my father’s recent comment on my lack of culinary skills, another observed: ‘You live in a house without any walls.’ Fortunately, I am not easily embarrassed. As long as my conscience is clear, what other people say of me does not bother me. Indeed, I am open about my life since the more I try to conceal from the public, the wilder the speculation becomes. My father said of my mother two weeks ago: ‘My wife was…not a traditional wife. She was educated, a professional woman… We had Ah Mahs, reliable, professional, dependable. (My wife) came back every lunchtime to have lunch with the
Read more