Conficker/Downadup: An Update
Conficker; there has probably never been a virus or worms with so much written about it. And now that’s it’s April 1st and the world has not come to an end, many people are no doubt questioning whether Conficker was a bust and nothing we didn’t needed to worry about, if the threat itself was over hyped, and it all the electronic ink spilled about this threat was worth it. I’ll give you my opinion, but first a status update of Conficker.
April 1st has come and as predicted machines infected with Downadup.C have switched to the new communication algorithm. But when these infected machines are able to communicate back to a Command & Control server they are not getting updated with a malicious code payload. In other words, no large or small, malicious attack has been unleashed by Conficker.
So is Conficker a bust for the bad guys? No. One thing we can tell about this worm is that whoever is behind this worm is patient and building something they want to be able use for a long time. That nothing malicious was done today doesn’t mean that it couldn’t be done tomorrow, or the next day, or in days after that. Those machines are still there waiting to be commanded.
Was the threat overhyped? The April 1st date certainly was. Symantec tried to be very specific in our communications that while it was possible something bad could happen today, it was unlikely. But I think the suspense got the better of some people, especially in the media. I was consistently asked about what the worst case scenario might be. And often that was the only part of what I said that was quoted or repeated.
Was all this talk about Conficker a waste of ink? No. It’s still a threat. And if it got people to review their security posture and check to see if their systems we fully protected, then it didn’t waste anyone’s time. Conficker is only one of thousands of threats out there.
Symantec continue to monitor Conficker. Like we said before April 1st; stay calm. And stay protected.