The Conficker worm was touted with nearly as much danger and fear as was Y2K… I remember that New Year’s better than any other in my lifetime simply because we were all standing around the day after to realize “hey, that wasn’t so bad… my computer really could count to 2000!”
With the media’s sensationalism of Conficker/Downadup/Kido, people started to panic once again. Our machines would rise up against us and human kind would become slaves to the technology we’ve become so dependent upon. The best part was that this was all supposed to happen on April Fool’s Day, 2009. Really?
So our team sat back and watched the story unfurl. We infected a machine in our lab to monitor the traffic, or lack thereof. We waited and studied and watched the story unfold- or not. After days of non-activity, the P2P functionality of the worm kicked into effect. Conficker began what appeared to be an update process, as well as dropping an unidentified payload on infected machines. These updates are prime vehicles for changing the modus operandi of the infection as well as adding to the near endless list of methods for killing nearly two dozen security applications and update programs reportedly affected by the infection.
When the P2P traffic trailed off, there was some speculation of a “cease fire” on or around 3 May, 2009 but this may not necessarily be the case. Reports have come from India this week where systems have been observed to have installed a second infection referred to as Waladec, which is known to send spam without the user’s knowledge. Shantanu Ghosh, VP, India Product Operations, Symantec India has been cited to say research has shown that widespread use of peer-to-peer file-sharing programs, low awareness of the need to update anti-virus software regularly and rampant use of pirated software have contributed to India’s high rank among countries affected by Conficker.
Well we may not be out of the woods yet, but this takes me to the moral of our story. Updates are not optional. These things are necessary in order to ensure proper functionality and security within a network. This infection is certainly containable and should not be the end of the Internet as we know it, but if something as simple as an update could stop this thing in it’s tracks, why doesn’t everyone do it?