The title says it all. With so much hype surrounding last week's impending destruction of the Internet, I started out a bit lackadaisical when people asked me about Conficker. As the week progressed, I started to feel annoyed and slightly hostile because so many people were coming to me to ask what was going to happen and how they should protect themselves. In hindsight, I should be happy at the new awareness brought on by Conficker, but I'm not.
It's not yet clear why I'm still unsettled by all of the Conficker hype. I think the primary concern gnawing at me is that users are now settling into a false sense of security. They were scared that their computers and beloved Information Superhighway were going to melt into useless lumps of slag. April 1 came and went without death, destruction, and blue screens, so to them the hype was undeserved, and they're going to revert back to their typical, insecure behaviors.
Sure, sure. A small populace likely adopted better security practices, but the masses will soon forget about Conficker, if they haven't already. So what have we, as a security community, gained? What did we miss while we were so consumed by concerned users and implementing new IDS signatures to detect the "new" Conficker behaviors that were to bring down the 'Net?
I don't know about you, but Conficker is still taking up a decent amount of time, and it's hard not to think about what's getting missed because of this focus. For example, a couple of mailing lists I'm on have seen increased malware activity from hosts infected with something other than Conficker. Also, there was the excellent story about "GhostNet" that fell by the wayside due to Conficker hype. GhostNet is much more interesting than Conficker, but it got lost in the bustle.
What's the general consensus in the infosec community? How many of you feel like you had the wool pulled over your eyes? For me, I still haven't decided what caused the snowball of media attention, or its purpose, but I do believe Conficker still poses a very real risk to enterprises. At this point, I'm afraid infosec pros are going to dismiss it, as well, until it comes back to bite them. As with most things, only time will tell.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.