• Surviving Conficker

    by  • July 29, 2009 • Protect Against Malicious Software

    April 1st is gone but the Conficker threat still exists

    Conficker did not unleash a global attack like SQL Slammer, a worm that crippled the Internet in 30 minutes. But that isn’t because it wasn’t capable of one.

    The fact is that crippling the Internet is not a smart business model. It is like showing your hand in poker. Right now there are somewhere between 3 million and 15 million computers compromised by Conficker. Both numbers are big, but the larger point is the range in the estimates. Give or take 12 million PCs, nobody really knows how big the threat is. There are 12 million PCs that might be infected, or maybe not.

    To unleash the global Conficker army in some sort of massive April Fool’s Day prank that grinds the Internet to a halt just for the sake of doing so might have entertainment value, but it doesn’t generate revenue. What it would do is help identify the compromised machines, enabling them to be cleaned and patched, and help wipe out the threat. The Conficker creators have a business interest in flying under the radar so they can live to fight, and profit, another day.

    So, nothing really happened on April 1st. Does that mean that we can just forget Conficker ever existed and move on? Absolutely not. The fact that nothing visible occurred from Conficker on April 1st means that there are still millions of PCs, somewhere between 3 million and 15 million, compromised with Conficker. They can send out spam. They can host malware. They can be used in a botnet denial-of-service attack. They are a mercenary army of malicious PCs for hire.

    What should you do? 

    1. Check your system to see if it is infected
    2. Make sure your PC has the MS08-067 patch applied
    3. Ensure you have security software installed on your PC and keep it up to date
    4. Read this site on a daily basis to stay informed :-). You can also keep up with new content from the site by following me on Twitter.

    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040), and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644), Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com