
The Week After: Conflicted About Conficker

The title says it all. With so much hype surrounding last week's impending destruction of the Internet, I started out a bit lackadaisical when people asked me about Conficker. As the week progressed, I started to feel annoyed and slightly hostile because so many people were coming to me to ask what was going to happen and how they should protect themselves. In hindsight, I should be happy at the new awareness brought on by Conficker, but I'm not.

It's not yet clear why I'm still unsettled by all of the Conficker hype. I think the primary concern gnawing at me is that users are now settling into a false sense of security. They were scared that their computers and beloved Information Superhighway were going to melt into useless lumps of slag. April 1 came and went without death, destruction, and blue screens, so to them the hype was undeserved, and they're going to revert to their typical, insecure behaviors.

Sure, sure. A small populace likely adopted better security practices, but the masses will soon forget about Conficker, if they haven't already. So what have we, as a security community, gained? What did we miss while we were so consumed by concerned users and implementing new IDS signatures to detect the "new" Conficker behaviors that were to bring down the 'Net?

I don't know about you, but Conficker is still taking up a decent amount of time, and it's hard not to think about what's getting missed because of this focus. For example, a couple of mailing lists I'm on have seen increased malware activity from hosts infected with something other than Conficker. Also, there was the excellent story about "GhostNet" that fell by the wayside due to Conficker hype. GhostNet is much more interesting than Conficker, but it got lost in the bustle.

What's the general consensus in the infosec community? How many of you feel like you had the wool pulled over your eyes? For me, I still haven't decided what caused the snowball of media attention, or its purpose, but I do believe Conficker still poses a very real risk to enterprises. At this point, I'm afraid infosec pros are going to dismiss it, as well, until it comes back to bite them. As with most things, only time will tell.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.
