Conficker's makers lose big, expert says
Hackers' work was for nothing as attention mushroomed, argues Symantec exec
Computerworld - The malware makers who crafted Conficker must be extremely disappointed, a security expert said today, and not because the Internet didn't come crashing down as some of the wildest speculation had predicted.
"All of their work has gone for naught," said Alfred Huger, vice president of development for Symantec Corp.'s security response team, referring to the hackers who created the Conficker worm.
Ironically, it was the extraordinary success of Conficker that made the hackers' work essentially a wasted effort, Huger said. "Most of the work done on Conficker was because of all the attention it got, absolutely," he said, pointing to the drumbeat of coverage since the worm first surfaced in November 2008 and the frenzy that led up to today, when its newest variant started switching to a new communications scheme.
"This is the biggest worm, in terms of press coverage received, since we experienced Code Red," Huger noted. Code Red, which struck Microsoft Corp.'s server software in 2001, slowed networks to a crawl. "And that's great. I think the threat was genuine, and without all the attention, it could have been a big problem."
The anti-Conficker efforts prompted by that attention included the so-called "Conficker Cabal," a consortium of researchers and companies that have tried to disrupt the worm's "phone home" ability. Other researchers, meanwhile, exploited a Conficker flaw to create a scanner that quickly detected infected PCs.
The beginning of the bad news to Conficker's makers was in January, Huger said, when the worm's profile soared as it infected millions of Windows PCs. "The distribution is what got everyone's attention, because it got so big in such a short time," Huger said. "And the fact that it was exceptionally well written, that was in intriguing to [security] researchers."
Vincent Weafer, another Symantec security response executive, put it succinctly earlier this week. "In reality, the author or authors probably didn't intend for this malware to get as much attention as it has," he said in an e-mail. "Most malware these days is designed to be used for some type of criminal monetary gain, and conducting such criminal acts typically requires stealth measures to be successful." "I think this just fades into the background noise of bot networks," Huger said today. "It's a large botnet, but not the largest."
How large is still unknown. Although estimates of the size of the Conficker-infected pool have ranged from 1 million to 12 million, it has been difficult to pin down the number of computers infected with Conficker.c, the newest variant and the one that sparked the massive coverage leading up to today.
- Researchers turn Conficker's own P2P protocol against itself
- Conficker botnet could flood Web with spam
- IT was ready for April 1 Conficker attack
- Conficker, the Internet's No. 1 threat, gets an update
- IT Blogwatch: Conficker botnet wakes up and smells the coffee
- Conficker's makers lose big, expert says
- Conficker activation passes quietly, but threat isn't over
- FAQ: Just the facts on Conficker
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts