Fear and Panic: The Conficker Worm is mostly a non-issue - for now

by Steve Ragan - Jan 19 2009, 17:20

Conficker, the Worm presently making headlines and moving about online, is a Worm variant that appeared in November of 2008. While there is a great deal of established fact on the Conficker Worm, early reports centered on speculation and FUD. One of the articles that gained swift attention came from CNN, which wrote conflicting information when reporting on Conficker.

"A new sleeper virus that could allow hackers to steal financial and personal information has now spread to more than eight million computers in what industry analysts say is one of the most serious infections they have ever seen," CNN reported.

"So far it doesn't try to steal personal information or credit card details," the CNN report added, which is where the conflicting information comes from.

The truth is, the Worm could be worse, but it isn’t yet at that level. So far, all it does is spread and attempt to download more Malware. Yes, in the future it's possible it could download Malware that hijacks personal information, but this is no sleeper Worm, and it is not taking personal information and shipping it off.

"What Conficker could allow hackers to do is truly as irrelevant as it gets. The conditions that allow Conficker to spread mean that any semi-skilled hacker or malware author can do the same and much worse with complete and total impunity," said Randy Abrams, Director of Technical Education for ESET in a recent blog post regarding the CNN report.

"To Microsoft’s credit, most of the infections are coming from the corporate space. Why is this to Microsoft’s credit? Because it means that Windows Update is working pretty well in homes, where it is usually allowed to work," Abrams noted.

"For businesses this is a dismal finding. This means that standard security basics are not being enforced. There is really sobering news here. Perhaps businesses are not investing in security," added Abrams. 

"An IT person [needs] some budget and time to do his or her job. Maybe businesses do not know how to evaluate competent security professionals to put in charge. "We needed time to test" is not an excuse for not having deployed the patch for MS08-067. If there is a legitimate reason for not having deployed the patch then there are other many other layers of defense that should be in place for protection."

The harsh truth is this: the Downadup Worm exists to take advantage of a security flaw that has been patched for quite some time. The problem is compounded when considering the lack of security applications in use, or security applications that are missing updates.

Ultimately, Conficker teaches a valuable lesson as to why patching works. Home users need to stay on top of operating system security patches and important software updates. Businesses need to dedicate resources to patch management and focus on security as part of their entire business model. The days of business as a whole being separate from IT and security are over.

Around the Web