Conficker's makers lose big, expert says
Hackers' work was for nothing as attention mushroomed, argues Symantec exec
Computerworld - The malware makers who crafted Conficker must be extremely disappointed, a security expert said today, and not because the Internet didn't come crashing down as some of the wildest speculation had predicted.
"All of their work has gone for naught," said Alfred Huger, vice president of development for Symantec Corp.'s security response team, referring to the hackers who created the Conficker worm.
Ironically, it was the extraordinary success of Conficker that made the hackers' work essentially a wasted effort, Huger said. "Most of the work done on Conficker was because of all the attention it got, absolutely," he said, pointing to the drumbeat of coverage since the worm first surfaced in November 2008 and the frenzy that led up to today, when its newest variant started switching to a new communications scheme.
"This is the biggest worm, in terms of press coverage received, since we experienced Code Red," Huger noted. Code Red, which struck Microsoft Corp.'s server software in 2001, slowed networks to a crawl. "And that's great. I think the threat was genuine, and without all the attention, it could have been a big problem."
The anti-Conficker efforts prompted by that attention included the so-called "Conficker Cabal," a consortium of researchers and companies that have tried to disrupt the worm's "phone home" ability. Other researchers, meanwhile, exploited a Conficker flaw to create a scanner that quickly detected infected PCs.
The beginning of the bad news to Conficker's makers was in January, Huger said, when the worm's profile soared as it infected millions of Windows PCs. "The distribution is what got everyone's attention, because it got so big in such a short time," Huger said. "And the fact that it was exceptionally well written, that was in intriguing to [security] researchers."
Vincent Weafer, another Symantec security response executive, put it succinctly earlier this week. "In reality, the author or authors probably didn't intend for this malware to get as much attention as it has," he said in an e-mail. "Most malware these days is designed to be used for some type of criminal monetary gain, and conducting such criminal acts typically requires stealth measures to be successful." "I think this just fades into the background noise of bot networks," Huger said today. "It's a large botnet, but not the largest."
How large is still unknown. Although estimates of the size of the Conficker-infected pool have ranged from 1 million to 12 million, it has been difficult to pin down the number of computers infected with Conficker.c, the newest variant and the one that sparked the massive coverage leading up to today.
- Researchers turn Conficker's own P2P protocol against itself
- Conficker botnet could flood Web with spam
- IT was ready for April 1 Conficker attack
- Conficker, the Internet's No. 1 threat, gets an update
- IT Blogwatch: Conficker botnet wakes up and smells the coffee
- Conficker's makers lose big, expert says
- Conficker activation passes quietly, but threat isn't over
- FAQ: Just the facts on Conficker
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts