informa
Announcements
Event
Emerging Cybersecurity Technologies: What You Need to Know - A Dark Reading March 23 Virtual Event | <GET YOUR PASS>
Event
The Craziest Cyberattacks Seen In the Wild and How You Can Avoid Them | Jan 24 Webinar | <REGISTER NOW>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext
Risk
2 MIN READ
Commentary

The Week After: Conflicted About Conficker

The title says it all. With so much hype surrounding last week's impending destruction of the Internet, I started out a bit lackadaisical when people asked me about Conficker. As the week progressed, I started to feel annoyed and slightly hostile because so many people were coming to me to ask what was going to happen and how should they protect themselves. In hindsight, I should be happy at the new awareness brought on by Conficker, but I'm not.
John H. Sawyer
Contributing Writer, Dark Reading
April 06, 2009
The title says it all. With so much hype surrounding last week's impending destruction of the Internet, I started out a bit lackadaisical when people asked me about Conficker. As the week progressed, I started to feel annoyed and slightly hostile because so many people were coming to me to ask what was going to happen and how should they protect themselves. In hindsight, I should be happy at the new awareness brought on by Conficker, but I'm not.It's not yet clear why I'm still unsettled by all of the Conficker hype. I think the primary concern gnawing at me is that users are now settling into a false sense of security. They were scared that their computers and beloved Information Superhighway were going to melt into useless lumps of slag. April 1 came and went without death, destruction, and blue screens, so to them the hype was undeserving, and they're going to revert back to their typical, insecure behaviors.

Sure, sure. A small populous likely adopted better security practices, but the masses will soon forget about Conficker, if they haven't already. So what have we, as a security community, gained? What did we miss while we were so consumed by concerned users and implementing new IDS signatures to detect the "new" Conficker behaviors that were to bring down the 'Net?

I don't know about you, but Conficker is still taking up a decent amount of time, and it's hard not to think about what's getting missed because of this focus. For example, a couple of mailing lists I'm on have seen increased malware activity from hosts infected with something other than Conficker. Also, there was the excellent story about "GhostNet" that fell to the wayside due to Conficker hype. GhostNet is much more interesting than Conficker, but it got lost in the bustle.

What's the general consensus in the infosec community? How many of you feel like you had the wool pulled over you eyes? For me, I still haven't decided what caused the snowball of media attention, or its purpose, but I do believe Conficker still poses a very real risk to enterprises. At this point, I'm afraid infosec pros are going to dismiss it, as well, until it comes back to bite them. As with most things, only time will tell.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.

More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Webinars
More Webinars
Reports
More Reports
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports