Friday, April 3, 2009

Krebs on Conficker

Lots of great reporting from Brian Krebs on the threat from Conficker. Krebs echoes a lot of points that we discussed in class and have previously made on this blog.
But whatever the number of infected machines, I think one important aspect of this and other date-based threats like Conficker is that they are in danger of being overlooked amid all the I-told-you-sos and the nothing-to-see-here-move-along type sentiments.

One problem with over-hyped threats that fail to live up to expectations (as they invariably do) is that they tend to desensitize the average user to more insidious, stealthier threats.

All of that said, the truth is that the threat from Conficker is as real today as it was three days ago on April 1: The worm's author(s) could easily decide to wait until everyone's guard is down to instruct all infected systems to update themselves with additional malicious components, or to attack some target online or start blasting spam.
As stated earlier, we need to move past overhyped vulnerability analysis and embrace a more holistic risk analysis paradigm that encompasses threat, vulnerability, and consequence.
