Fears of a Conficker meltdown greatly exaggerated
With 60 Minutes airing a report on Sunday, some people are panicking, but researchers don’t expect anything dramatic
By Robert McMillan , IDG News Service , 03/27/2009
Worries that the notorious Conficker worm will somehow rise up and devastate the Internet on April 1 are misplaced, security experts said Friday.
Conficker is thought to have infected more than 10 million PCs worldwide, and researchers estimate that several million of these machines remain infected. If the criminals who created the network wanted to, they could use this network to launch a very powerful distributed denial of service (DDOS) attack against other computers on the Internet.
April 1 is the day that the worm is set to change the way it updates itself, moving to a system that is much harder to combat, but most security experts say that this will have little effect on most computer users’ lives.
Nevertheless, many people are worried, according to Richard Howard, director of iDefense Security Intelligence. “We have been walking customers down from the ledge all day,” he said. Often, the problem has been that company executives have read reports of some April 1st incident and then proceed to “get their IT and security staffs spun up,” Howard said in an e-mail interview.
That hype will probably intensify when the U.S. TV newsmagazine 60 Minutes airs a report Sunday on Conficker, entitled “The Internet is Infected.”
Conficker “could be triggered, maybe on April 1st … but no one knows whether on April 1st they’ll just issue an instruction that says ‘Just continue sitting there’ or whether it will start stealing our money or creating a spam attack,” CBS reporter Lesley Stahl said in a preview interview ahead of the show. “The truth is, nobody knows what it’s doing there.”
April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. The worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations, according to Phil Porras, a program director with SRI International who has studied the worm.
“Technically, we will see a new capability, but it complements a capability that already exists,” Porras said. Conficker is currently using peer-to-peer file sharing to download updates, he added.
The worm, which has been spreading since October of last year, uses a special algorithm to determine what Internet domains it will use to download instructions.