The Week After: Conflicted About Conficker
The title says it all. With so much hype surrounding last week's impending destruction of the Internet, I started out a bit lackadaisical when people asked me about Conficker. As the week progressed, I started to feel annoyed and slightly hostile because so many people were coming to me to ask what was going to happen and how should they protect themselves. In hindsight, I should be happy at the new awareness brought on by Conficker, but I'm not.
April 6, 2009
It's not yet clear why I'm still unsettled by all of the Conficker hype. I think the primary concern gnawing at me is that users are now settling into a false sense of security. They were scared that their computers and beloved Information Superhighway were going to melt into useless lumps of slag. April 1 came and went without death, destruction, and blue screens, so to them the hype was undeserving, and they're going to revert back to their typical, insecure behaviors.
Sure, sure. A small populace likely adopted better security practices, but the masses will soon forget about Conficker, if they haven't already. So what have we, as a security community, gained? What did we miss while we were so consumed by concerned users and implementing new IDS signatures to detect the "new" Conficker behaviors that were to bring down the 'Net?
I don't know about you, but Conficker is still taking up a decent amount of time, and it's hard not to think about what's getting missed because of this focus. For example, a couple of mailing lists I'm on have seen increased malware activity from hosts infected with something other than Conficker. Also, there was the excellent story about "GhostNet" that fell to the wayside due to Conficker hype. GhostNet is much more interesting than Conficker, but it got lost in the bustle.
What's the general consensus in the infosec community? How many of you feel like you had the wool pulled over your eyes? For me, I still haven't decided what caused the snowball of media attention, or its purpose, but I do believe Conficker still poses a very real risk to enterprises. At this point, I'm afraid infosec pros are going to dismiss it, as well, until it comes back to bite them. As with most things, only time will tell.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.