
Questions about Conficker

Over the weekend I was interviewed by CBC’s Sunday evening news show about Conficker and the possibly grim outlook for PC users everywhere on April 1. Maybe not my best interview, but what bugs me now is that I was just a little too late to provide more detail on how you can tell who’s been infected.


Security researchers on Monday discovered a flaw in Conficker that should help with one of the most important counter-measures to this online threat, which is assessing the scope. When the CBC called and asked how prevalent it was, I said it was millions of PCs. Then I double checked, and it was 2.5 million. Or 10 million. Or maybe only several hundred thousand, depending on how many people had downloaded the patch. It felt vague giving these stats to the TV reporter, and in the end she didn’t really use them. With this flaw, perhaps we can be a little more accurate.

The reporter asked me two other questions I found interesting. She asked whether any good could come out of a situation like this. It didn’t make it on air, but I said yes, there were two things. Any IT security vulnerability is a learning experience, and with Conficker we’re seeing a threat that has had a series of startlingly fast “releases” sent out into the market and tested, as it were, before making new versions. We’re seeing a worm that directly takes aim at file-sharing features in local area networks, and one that spreads physically (like an actual virus) through USB drives. All these things are useful as the industry struggles to prepare itself for even more sophisticated attacks.

I also think Conficker may help reinforce a few security policies that otherwise go ignored. Traditionally, worms or viruses come to us via spam e-mail, and the only way companies could prevent them was to hope their employees wouldn’t fall prey to the social engineering efforts behind the malware. Conficker has companies looking seriously at user passwords, at the resources needed around patch management and other solid security practices. As the virus writers get more savvy, so should our responses.

The other question the reporter asked me was whether I, or the IT industry at large, was “impressed” by Conficker. I honestly admit the thought hadn’t crossed my mind. I think anyone who’s followed the industry has seen the threats evolve, and probably assumed they would become harder to detect and disable. The rate of infection is considerable, but the actual damage done, so far, has not been on the scale of some lesser viruses, though that could change in a day or two. Can vendors, researchers and IT managers turn this into a non-event? Now that would be impressive.

Shane Schick