*Whew* Conficker wasn’t a big deal – or will it be?!
I’ve had a lot of people ask me, “So, conficker wasn’t as big a deal as they thought?”. I too expected to see something happen on April 1st once these bots got their instruction. But when we didn’t see any big actions by the instruction, that wasn’t a good sign. I thought the Gizmodo blog did a great post on this:
What the April 1 update did was simple: It provided instructions for linking up with the thousands, perhaps tens of thousands of new nodes registered by Conficker.c over the last few weeks, effectively growing the size of the p2p botnet to a point where it can not be stopped.
“It’s not about ownage, it’s about continued ownage,” says Kaminsky, citing a favorite quotation of one of his hacker buddies. “It’s not about how you get into the network, it’s about, ‘How do you be [there] a year from now?’” And the answer is: “You do a lot of the things the Conficker developers are doing.”
“This is not something where the guys wrote it, it’s out, then they’re going to go out and play Nintendo. They’re frankly trying to build something that is a sustainable network for months or years to come,” Kaminsky says.
Kevin Haley, director of Symantec Security Response, raises another good point: “The first [of April] would have been a pretty bad day to choose [to do something with Conficker], because everyone was watching to see what was going to happen. Whoever’s behind this is as lot more patient than we are.”
So, I agree – I think the creator(s) are doing this very well. They are going to use this worm for something a little more than a prank. So, please people – update your windows & run the cleaner utility to make sure you don’t have this on your system.
It was such a waste of publicity and stress for most IT Administrators. There were definitions available from Sunbelt within 4 hours of its detection that removed and cleaned the virus completely.