Slashdot Mirror


Fears of a Conficker Meltdown Greatly Exaggerated

BobB-nw writes "Many have been worrying that the Conficker worm will somehow rise up and devastate the Internet on April 1. These fears are misplaced, security experts say. April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. A 60 Minutes episode about the worm on Sunday will stoke concerns. But the worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations, according to Phil Porras, a program director with SRI International who has studied the worm. 'Technically, we will see a new capability, but it complements a capability that already exists,' Porras said."

6 of 143 comments

  1. Re:If only... by Anonymous Coward · · Score: 2, Informative

    Exactly! That's why Apache installations are the most-compromised servers on the net!

    Oh, wait...

  2. Re:How to prevent/detect/remove these? by TinBromide · · Score: 2, Informative

    gah, there's a typo. I actually pipe everything to Gmail.

    (*not using outlook)

    --
    Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?

  3. Re:Hoping for no meltdown. by mail2345 · · Score: 2, Informative

    Has been mentioned before.

    It uses 4096 bit RSA to sign the binaries.

    I don't know any group that could crack that (yes, not even you, FBI/CIA/NSA super computer).

  4. You might have a point... by symbolset · · Score: 3, Informative

    If there were only one Linux. There's not. There are thousands. The kernel itself doesn't require services that need open ports and application level security is a per-distribution thing so no two are going to have the same set of vulnerabilities. Linux is not a "monoculture".

    We live in the world as it is, not as it might be. What-ifs really aren't worth spit. You can choose to run an OS that was vulnerable to Conficker, Koobface, Torpig, Storm, Antivirus 2009, Bitfrost, Sasser, MyDoom, Sober, Sobig, Welchia, Blaster, Nimda and Code Red and will be the target of the next six. Or not. It's up to you. Don't try to pretend that there's no functional security difference between the two because that's absurd. Add up the amount of data that was and will be compromised by that list of malware and you have enough to bring the world economy to a screaming halt. Between them those computers probably had access to financial or personal data on a majority of people who've had a digital record and more corporate secrets than should be in a hundred data pools.

    What the other guy does shouldn't matter. It should be about being responsible with the data entrusted to you, about being a good steward of your own gear. If you are in IT then your customers are counting on your professional expertise to save them from inadvertently disclosing information via system compromise, and that's a solemn duty. From that perspective the choice is clear. If you can choose to not be a target why would you not leap at that option?

    --
    Help stamp out iliturcy.

  5. Re:I wish the creators had something useful in min by Korin43 · · Score: 2, Informative

    Destruction of property is not helpful for the economy. Any money that people have to spend on computers, they can't spend on something else. Sorry, no free lunch here.

  6. Some clarifications .... by Anonymous Coward · · Score: 3, Informative
    • Conficker A and B infect computers by exploiting MS08-067. Conficker B also infects by installing itself as an AutoRun trojan on any removable media it can find.
    • On already-infected computers, Conficker A and B will attempt to download an additional payload from any of 250 random hostnames, generated daily. Conficker C does not do this until April 1, after which it will generate a pool of 50000 hostnames every day and randomly pick 500 of those to attempt. This is what the articles were referring to.
    • The payload is RC4-encrypted and RSA-signed. Conficker executes it blindly. These payloads have so far been used only to install newer versions of Conficker.
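
An added example, not part of the comment above and not Conficker code: a worked model of the numbers in comment 6 (a daily pool of 50000 hostnames, 500 tried per host), showing what share of infected hosts would touch a set of hostnames that a defender monitors or blocks. It assumes the 500 are drawn uniformly without replacement and that days are independent; all function names are illustrative.

```python
# Constructed model of the rendezvous numbers quoted in the thread.
POOL = 50_000   # hostnames generated per day (figure from the comment)
TRIED = 500     # hostnames each infected host attempts per day (same source)


def daily_hit_probability(watched, pool=POOL, tried=TRIED):
    """P(a host tries at least one of `watched` hostnames today).

    Hypergeometric: P(miss) = C(pool-tried, watched) / C(pool, watched),
    computed as a running product to avoid huge binomials.
    """
    if not 0 <= watched <= pool:
        raise ValueError("watched must be between 0 and pool")
    miss = 1.0
    for j in range(watched):
        miss *= max(pool - tried - j, 0) / (pool - j)
        if miss == 0.0:          # more watched names than untried ones
            break
    return 1.0 - miss


def hit_within_days(watched, days, pool=POOL, tried=TRIED):
    """Same probability over several days (assumption: days independent)."""
    return 1.0 - (1.0 - daily_hit_probability(watched, pool, tried)) ** days


def names_needed(target, pool=POOL, tried=TRIED):
    """Smallest watched-set size whose daily coverage reaches `target`."""
    lo, hi = 0, pool
    while lo < hi:               # coverage is monotonic, so bisect
        mid = (lo + hi) // 2
        if daily_hit_probability(mid, pool, tried) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for m in (1, 10, 100, 1000):
        print(f"{m:>5} names watched: {daily_hit_probability(m):.1%} of hosts per day")
    print("names for 95% daily coverage:", names_needed(0.95))
```

A single hostname is tried by only 1% of hosts on a given day, so blocking or monitoring a handful of names sees little of the population; coverage grows with the size of the watched set.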