Monday, March 30, 2009

Don't Believe the Hype

From Panda Labs

Lately it seems everybody is talking about Conficker and its variants. And much more so if we have to take into account the build up fear around the coming day of April 1st. It’s been a while since we saw so much coverage in the general media and I don’t want to tell you to disregard this, because it does contribute to general awareness and make users more conscious. But I also want to say that perhaps it does more harm than good. Let go back over the issues that are flying around the world. Regarding the damn date… will Conficker be activated 1st April? No. But it will do something that day, won’t it? Yes, Conficker is a malware that creates random URLs everyday and the PCs infected with it check if there is any new available version to download. It does so 250 times a day. What will happen then 1st April? The last variant creates 50,000 new URLs. We can’t know if any of them will host an update of the malware, its author could host a new version or even some other type of malware.

I couldn't agree more with this opinion. While Conficker is a very large botnet, we've seen large botnets before. The Storm worm built a botnet comprised of million of infected computers just last year and I'm willing to bet that none of you noticed. Bottom line is that Conficker likely won't break the Internet - in fact I doubt any of you will even notice any effects from it.

Read the rest of PandaLabs report on Conficker here.


ben b said...

The article's main point, 'despite widespread media attention, Conficker is nothing really new' (paraphrased), is true. However, I disagree with the statement that "But I also want to say that perhaps it does more harm than good." The most likely effect of all this hubbub is that JoeUser will be more likely to patch/update his computer, and maybe use better antivirus software. What are the potential harms that Panda Labs sees from this increased attention by the mainstream media?

Ned Moran said...

I think PandaLabs is drawing a parallel between the media's attention on Conficker and the boy who cried wolf. Certainly, more average users will now pay attention to computer security but as time passes and these users do not notice substantial effects from this worm and botnet then they will treat future warnings about computer security as needless hype.

Many computer security experts agree that the key to improved security is through user education and training. Education and training can only be achieved through an even-handed analysis and presentation of the facts - not over hyped rhetoric.