Questions about Conficker

Over the weekend I was interviewed by CBC’s Sunday evening news show about Conficker and the possibly grim outlook for PC users everywhere on April 1. Maybe not my best interview, but what bugs me now is that I was just a little too late to provide more detail on how you can tell who’s been infected.

Security researchers on Monday discovered a flaw in Conficker that should help with one of the most important counter-measures to this online threat, which is assessing the scope. When the CBC called and asked how prevalent it was, I said it was millions of PCs. Then I double checked, and it was 2.5 million. Or 10 million. Or maybe only several hundred thousand, depending on how many people had downloaded the patch. It felt vague giving these stats to the TV reporter, and in the end she didn’t really use them. With this flaw, perhaps we can be a little more accurate.

The reporter asked me two other questions I found interesting. She asked whether any good could come out of a situation like this. It didn’t make it on air, but I said yes, there were two things. Any IT security vulnerability is a learning experience, and with Conficker we’re seeing a threat that has had a series of startlingly fast “releases” sent out into the market and tested, as it were, before making new versions. We’re seeing a worm that directly takes aim at file-sharing features in local area networks, and one that spreads physically (like an actual virus) through USB drives. All these things are useful as the industry struggles to prepare itself for even more sophisticated attacks.

I also think Conficker may help reinforce a few security policies that otherwise go ignored. Traditionally worms or viruses come to us via spam e-mail, and the only way companies could prevent them was hope their employees wouldn’t fall prey to the social engineering efforts behind the malware. Conficker has companies looking seriously at user passwords, at the resources needed around patch management and other solid security practices. As the virus writers get more savvy, so should our responses.

The other question the reporter asked me was whether I – or the IT industry at large, was “impressed” by Conficker. I honestly admit the thought hadn’t crossed my mind. I think anyone who’s followed the industry has seen the threats evolve, and probably assumed they would become harder to detect and disable. The rate of infection is considerable, but the actual damage done, so far, has not been on the scale of some lesser viruses, though that could change in a day or two. Can vendors, researchers and IT managers turn this into a non-event? Now that would be impressive.

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Shane Schick
Shane Schick
Your guide to the ongoing story of how technology is changing the world

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight