Conficker's makers lose big, expert says
Hackers' work was for nothing as attention mushroomed, argues Symantec exec
Computerworld - The malware makers who crafted Conficker must be extremely disappointed, a security expert said today, and not because the Internet didn't come crashing down as some of the wildest speculation had predicted.
"All of their work has gone for naught," said Alfred Huger, vice president of development for Symantec Corp.'s security response team, referring to the hackers who created the Conficker worm.
Ironically, it was the extraordinary success of Conficker that made the hackers' work essentially a wasted effort, Huger said. "Most of the work done on Conficker was because of all the attention it got, absolutely," he said, pointing to the drumbeat of coverage since the worm first surfaced in November 2008 and the frenzy that led up to today, when its newest variant started switching to a new communications scheme.
"This is the biggest worm, in terms of press coverage received, since we experienced Code Red," Huger noted. Code Red, which struck Microsoft Corp.'s server software in 2001, slowed networks to a crawl. "And that's great. I think the threat was genuine, and without all the attention, it could have been a big problem."
The anti-Conficker efforts prompted by that attention included the so-called "Conficker Cabal," a consortium of researchers and companies that have tried to disrupt the worm's "phone home" ability. Other researchers, meanwhile, exploited a Conficker flaw to create a scanner that quickly detected infected PCs.
The beginning of the bad news to Conficker's makers was in January, Huger said, when the worm's profile soared as it infected millions of Windows PCs. "The distribution is what got everyone's attention, because it got so big in such a short time," Huger said. "And the fact that it was exceptionally well written, that was in intriguing to [security] researchers."
Vincent Weafer, another Symantec security response executive, put it succinctly earlier this week. "In reality, the author or authors probably didn't intend for this malware to get as much attention as it has," he said in an e-mail. "Most malware these days is designed to be used for some type of criminal monetary gain, and conducting such criminal acts typically requires stealth measures to be successful." "I think this just fades into the background noise of bot networks," Huger said today. "It's a large botnet, but not the largest."
How large is still unknown. Although estimates of the size of the Conficker-infected pool have ranged from 1 million to 12 million, it has been difficult to pin down the number of computers infected with Conficker.c, the newest variant and the one that sparked the massive coverage leading up to today.
- Researchers turn Conficker's own P2P protocol against itself
- Conficker botnet could flood Web with spam
- IT was ready for April 1 Conficker attack
- Conficker, the Internet's No. 1 threat, gets an update
- IT Blogwatch: Conficker botnet wakes up and smells the coffee
- Conficker's makers lose big, expert says
- Conficker activation passes quietly, but threat isn't over
- FAQ: Just the facts on Conficker
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!