Conficker: can’t stand up for falling downadup
You might have noticed that Conficker (Downadup) is actually standing up rather well to all the attention it’s receiving at the moment.
Heise (a European publisher sending out a weekly security newsletter that’s often worth a closer look) reports that 2.5 million PCs are already infected. In The Register, Dan Goodin reports that the total has increased dramatically since Heise’s initial report to nearly 9 million. (If anyone is interested in how these figures were arrived at, F-Secure have described the process here: it’s guesswork, but it looks like sound guesswork to me.)
(Incidentally, I looked back at our ThreatSense.Net® statistics for December, and noticed that Conficker had already made number 5 in our top ten detections of known malware worldwide by the end of that month, so we’re not exactly talking about a brand-new fast-burner!)
If you’ve read Randy’s earlier blog, you’ll know that while we take the present epidemic very seriously, there’s an argument for concentrating less on the alarming figures (and on attributing them to the supernatural powers of what some have described as a Superworm), and paying more attention to the fact that a fairly prosaic malicious program has managed to cause so much damage simply because so many people and sites aren’t taking the elementary precautions that would have dramatically mitigated Conficker’s impact.
Randy’s also participated in a podcast with Ira Victor that’s available now: I haven’t looked at it yet, but I’m sure it will be of interest and provide reassurance and sound advice to anyone feeling down about downadup.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
2 Responses to “Conficker: can’t stand up for falling downadup”
April 19th, 2009 at 11:19 pm
I agree, guesswork might mislead people. I would expect more solid examples showing accurate numbers.
April 20th, 2009 at 2:32 am
I can understand that you might want more accurate figures – at least, I’m acutely aware that the media and some customers are hungry for numbers – but I’m not sure why you’d expect them. By definition, these are unpatched, unprotected or inadequately-protected machines. This industry is generally focused on generating detection (reactive or proactive) and protection, rather than on generating statistics. Even if we accept your assertion that we (or someone) should be generating more accurate numbers (and frankly, I’m not sure why it matters), I don’t understand how you expect us to count infected machines when we have no direct means of communicating with them. Actually, most of the statistical data available on the internet in general is guesswork. Sometimes it’s useful guesswork, sometimes it’s at least harmless, sometimes it’s worthless, sometimes it’s seriously misleading. I don’t see much value in the guesswork around Conficker drone numbers when the guesses differ so widely.