Conficker Threat: Fact or Fiction
I’ve been writing about the Conficker worm all week and I’m pleased that nobody has accused me of overblowing the situation. My main goal has been to encourage folks to take the same steps to protect themselves that they should be taking every other day of the year.
Most of the Conficker stories late in the week have been discussions of whether the media has oversold the story and created an atmosphere of fear. According to The Last WatchDog on Internet Security…
“Many security experts are downplaying the significance of millions of Conficker-infected PCs initiating an elaborate calling home sequence on April 1.
Still, concerns are growing about the much firmer grip the bad guys are on the cusp of securing on the corrupted PCs, whether or not they choose to do anything with them on April Fools Day.”
Here are some facts I believe to be true.
USA TODAY: On that date (April 1st) all Conficker-infected PCs will begin trying to connect to 50,000 web domains to receive further instructions.
F-Secure: “The worm has some peer-to-peer functionality which means that infected computers can communicate with each other without the need for a server. This enables the worm to update itself without the need for any of the 250 or 50,000 domains.”
So, what’s it going to do? Will the Internet be taken down? Will a cyberterror attack be launched? I doubt it. What people will notice the most are news stories about Conficker. For most of the world, it will be March 31st when computers in China think it’s April 1st. So by Tuesday night malware researchers will be able to provide more information.
SRI International’s Paul Porras has been quoted in many articles as saying...
“April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. The worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations…”
This evaluation makes the most sense and fits with the typical behavior of the sophisticated malware that I’ve been researching. The trend lately has been to create massive botnets or what F-Secure reports as GhostNets. The big news today is how “Canadian research uncovers cyber espionage network”. Go Canada!
Bottom line, your computer is a powerful device. Just as with your automobile, you need to keep your doors locked, provide regular maintenance and avoid putting yourself into dangerous situations.
Security Garden: Conficker Information for the Home Computer User March 27th, 2009