Conficker on April 1st: Eve of destruction or big joke?
Will the Conficker worm, expected to activate on April 1, set off viral destruction or be a dud?
Security experts say Conficker.C (also called Downadup) presents a serious threat. Infected machines -- said to number from 3 million to 10 million globally, depending on estimates -- could be activated for data destruction and theft or espionage, spam relays or denial-of-service (DoS) attacks. While a "doomsday scenario" on April 1 seems unlikely, many security professionals regard Conficker.C as the malware fruit of a disciplined criminal operation out to make money off it.
"We need to take it seriously," says Chris Rodriguez, research analyst for network security at consultancy Frost & Sullivan. "The biggest concern is the effectiveness it's had in spreading."
According to Cisco, Conficker.C has infected about 10 million Windows-based computers in 150 countries, with China estimated at 3 million, Brazil at 1 million and Russia at 800,000. These are the top three Conficker infection spots, with some researchers saying the high counts in these regions are due to pirated Microsoft software that doesn't get patched and lack of antivirus software on machines. In the United States, about 200,000 infected computers are suspected.
Symantec, which says it uses a different method for estimates, puts the total Conficker infection count at more like 3 million globally. However you count, an attacker would find it "easy to point all these machines at one target for a denial-of-service attack, or use them for spam or click fraud or cyber-espionage," Rodriguez says. "I'd be surprised if something didn't happen on April 1."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
