UIS and Conficker are not so bad
Eat it, Conficker
This evening, UIS sent out an email warning students about the much-hyped internet worm known as Conficker. Techies worldwide fear this bug, which is really, really well designed and may “go live” tomorrow and make a lot of trouble using its 10-million-computer botnet.
“The University Information Security Office has taken steps to identify vulnerable systems on the Georgetown Campus and has made efforts to notify these individuals to update security patches provided by Microsoft.”
Sounds like a “God help us all” scenario, doesn’t it?
But UIS is actually on the right track, says Ned Moran, a computer science professor who teaches a class on Internet Security at Georgetown (full disclosure: I took the class last semester). According to Moran, running anti-virus software and always making sure you run system updates on your computer as soon as they’re available are the best ways to proactively combat infections.
If you suspect infection anyway (say your virus scan software is shutting down as soon as it begins to run), you can scan your computer with tools developed by the Honeynet Project and remove the infection with software created by Symantec.
As for the doomsday warnings that the creators of Conficker are bent on wreaking havoc with their bug, Moran is less than concerned:
“Conficker is overrated. You’re unlikely to notice any effects from it,” he said. “If cyber criminals are in control then we definitely won’t see any massive coordinated attack. Infected computers equals money for criminals. They rent these computers out to send spam, carry out [Distributed Denial of Service] attacks, host phishing sites, etc. And as you know there are DDoS attacks every day on the net, phishing attacks occur every day, and spam is always being sent. If criminals control Conficker they’ll rent out portions of the botnet to other criminals.”
Unless a country or hostile group controls Conficker, he said, there are other botnets to be worried about.
“[A nation-state or a terrorist group] would likely be more interested in using the entire botnet … in a coordinated attack. If we really want to worry about botnets, the Ghostnet, the botnet that was apparently being used by the Chinese to spy on other countries, should be our focus.”
That’s less than reassuring, but at least it’s unlikely we’ll all be the victims of one big April Fool’s Day prank come tomorrow.
Photo taken from Flickr user greenasian under a Creative Commons license.