The Confiker Virus hype and measures

Stasiniewicz, Adam stasinia at msoe.edu
Mon Mar 30 11:11:41 CDT 2009


To the mainstream media:

Please leave your tin foil hats at the door...

To my fellow NANOGers:

I look at this virus from two perspectives.  First the home computers (and
small businesses without any real IT staff).  And second the larger
organizations with dedicated IT staff.

Home Users: Many will agree that a large percent (>50%) of home computers
are infected with some sort of malware.  Everything from tracking cookies,
to spam drones, to botnet clients.  Home users are often too cheap/lazy to
get antivirus/firewall protections.  And many are scared to get updates from
Microsoft because of some unrealized danger this might pose.

As I see it, the virus is adding at most 9(?) million to the probable 175
million (350/2 <http://en.wikipedia.org/wiki/List_of_countries_by_broadband_users>)
malware infested hosts out there. In fact, it will probably be much less
than that, as the people who are getting infected by this virus, are
probably already affected by other malware.

Everyone Else: If SQL Slammer has taught us anything, it is the importance
of patch management and firewalls.  And the unending stream of new malware
has also taught us the importance of anti-virus software.  With all the
media hype and removal tools being made, there is no good reason any IT shop
should be affected in any meaningful way.  Invariably we will hear the
stories of places that do get affected, but I doubt it will be anything
overly large.

So from a network operational perspective, unless the virus author decides
to launch a DDOS on a single target (and one is either that network or its
upstream) I predict this will have little, if any, effect.

My $0.02,

Adam Stasiniewicz

-----Original Message-----
From: Gadi Evron [mailto:ge at linuxbox.org] 
Sent: Monday, March 30, 2009 7:44 AM
To: Joe Blanchard
Cc: nanog at nanog.org
Subject: The Confiker Virus hype and measures

Joe Blanchard wrote:
> Anyone have a copy of this? Would like to analyze it and understand its
> propagation.
>
> Thanks
> -Joe

I'm sure someone sent you a sample by now. As to the malware itself...

I haven't personally been following conficker as I've been busy with
other issues (as much as possible, anyway, with all the hype it's hard
to escape), but I've been asking questions. I can try and speak on the
matter from what I've learned by asking.

Conficker is a real problem, but will the world end on April Fools?

The answer I gather to be the most accurate is:
"The conficker threat will be exactly the same as it is today, on April
1st."

Perhaps putting a date on the threat makes people feel more comfortable.
What if something happens on April 3rd? Whether we would be warned or
not, we'll all likely ignore it if April 1st comes and goes quietly.

As to the unknown, the author's mind, who can really tell what they will
do come the 1st?

But some of the hype I've seen is truly ridiculous. I am sure some of
the protected hosting companies sold quite a bit with their "we defend
against conficker" products.

Is conficker a problem? Yes. Can we potentially face hardship on the
1st? Yes. Is the rest complete bull? Yes.

      Gadi.



