Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Sunday, March 29, 2009

Conficker Threat: Fact or Fiction

I’ve been writing about the Conficker worm all week and I’m pleased that nobody has accused me of overblowing the situation. My main goal has been to encourage folks to take the same steps to protect themselves that they should be taking every other day of the year.

Most of the Conficker stories late in the week have discussed whether the media has oversold the story and created an atmosphere of fear. According to The Last WatchDog on Internet Security:

“Many security experts are downplaying the significance of millions of Conficker-infected PCs initiating an elaborate calling home sequence on April 1.

Still, concerns are growing about the much firmer grip the bad guys are on the cusp of securing on the corrupted PCs, whether or not they choose to do anything with them on April Fools Day.”

Here are some facts I believe to be true.

USA TODAY: On that date (April 1st) all Conficker-infected PCs will begin trying to connect to 50,000 web domains to receive further instructions.

F-Secure: “The worm has some peer-to-peer functionality which means that infected computers can communicate with each other without the need for a server. This enables the worm to update itself without the need for any of the 250 or 50,000 domains.”

So, what’s it going to do? Will the Internet be taken down? Will a cyberterror attack be launched? I doubt it. What people will notice the most are news stories about Conficker. For most of the world, it will be March 31st when computers in China think it’s April 1st. So by Tuesday night malware researchers will be able to provide more information.

SRI International’s Paul Porras has been quoted in many articles as saying...

“April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. The worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations…”

This evaluation makes the most sense and fits with the typical behavior of the sophisticated malware that I’ve been researching. The trend lately has been to create massive botnets or what F-Secure reports as GhostNets. The big news today is how “Canadian research uncovers cyber espionage network”. Go Canada!

Bottom line, your computer is a powerful device. Just as with your automobile, you need to keep your doors locked, provide regular maintenance and avoid putting yourself into dangerous situations.

Security Garden: Conficker Information for the Home Computer User  March 27th, 2009




Blogger Unknown said...

Errrm... just a reminder that the US is not "most of the world"... 1 billion people in China, plus another billion in India, will see April 1st well before North America.

Perhaps one should say "For most of the world, it will be April 1st when computers in the US think it’s March 31st." It just annoys me (here in Australia) when I see US-centric views of the world!

Apart from that minor observation, I do enjoy reading the PC Pitstop newsletters, lots of informative information there. WinPatrol deserves a special mention - it has been instrumental in my small business in picking up virus-infected USB sticks when customers bring them in for print jobs.

7:32 PM  
Blogger Unknown said...

Thank you.
You make a great point. I could have worded that better. I've been trying to make folks in the US more globally aware but I'm as guilty as everyone else sometimes.

I've been down under and love it there.

Thanks again,

7:40 PM  
Anonymous Longtimefan said...

Just want to thank you Bill and 'Scottie' for taking good care of so many computers! Your program is the best and a must for all!!
I especially love the way I can see all the things running and can see what starts up and that I can take control so easily of just about everything on my computer.
I appreciate that you keep it free as I don't have much money.
You are the best!!

3:50 AM  
Anonymous Anonymous said...

Errm, just a reminder.
It's not about how many people
(and person's numbers look wrong so
person may not mean people and may
have it correct if person meant
computers) but about machines.
How many unpatched machines.
Shawn T
Ohio, USA

10:18 PM  
