Comments on: Confounded by Conficker: not so Dozy http://blog.eset.com/2009/04/09/confounded-by-conficker-not-so-dozy Wed, 16 May 2012 18:22:59 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: David Harley http://blog.eset.com/2009/04/09/confounded-by-conficker-not-so-dozy/comment-page-1#comment-43387 David Harley Sun, 12 Apr 2009 18:44:39 +0000 http://www.eset.com/threat-center/blog/?p=954#comment-43387 Ironic, really, given that this industry is consistently accused of hypeing threats, that I'm being accused here of "playing down" Conficker. No-one said that Conficker doesn't present a threat and never will: rather that there was very little information on what would happen on April 1st, and no particular reason to expect the end of the world, and that there were plenty of other threats to take at least as seriously. In the past few days, there has been a lot more -real- information (as opposed to speculation, some of it very wild indeed), naturally I've passed some of it on, but it still isn't the end of the world. There's nothing inconsistent between our position before - "don't get into a panic, but take all reasonable precautions" - and after: there's a big difference between passing on hard data and yelling "the sky is falling". I haven't "changed my mind": more data came in and made it clear that there were, contrary to first impressions, significant changes in the latest variant. The blog you quoted was replaced with one that was a better reflection of the later data. My point was that the Conficker story has acquired a mythic dimension that was, for a while, aggravated by near-inactivity on the part of the botnet: I evidently didn't make that clear enough. Conficker is and always was a "real threat": there are millions of infected PCs out there somewhere, and that's no hoax. However, that doesn't mean there's going to be a "monster attack" on the internet. I -don't- know for sure that there won't be, of course, but it's unlikely to happen unless the Conficker gang can see a profit in it, whereas there are certainly ways in which they can profit -without- bringing down the 'net. Given the apparent size of the botnet, there could be very large-scale attacks on individual targets: DDoS attacks, for instance. That's quite a different issue, though, and not at all novel. Ironic, really, given that this industry is consistently accused of hypeing threats, that I’m being accused here of “playing down” Conficker.

No-one said that Conficker doesn’t present a threat and never will: rather that there was very little information on what would happen on April 1st, and no particular reason to expect the end of the world, and that there were plenty of other threats to take at least as seriously. In the past few days, there has been a lot more -real- information (as opposed to speculation, some of it very wild indeed), naturally I’ve passed some of it on, but it still isn’t the end of the world.

There’s nothing inconsistent between our position before – “don’t get into a panic, but take all reasonable precautions” – and after: there’s a big difference between passing on hard data and yelling “the sky is falling”.

I haven’t “changed my mind”: more data came in and made it clear that there were, contrary to first impressions, significant changes in the latest variant. The blog you quoted was replaced with one that was a better reflection of the later data. My point was that the Conficker story has acquired a mythic dimension that was, for a while, aggravated by near-inactivity on the part of the botnet: I evidently didn’t make that clear enough.

Conficker is and always was a “real threat”: there are millions of infected PCs out there somewhere, and that’s no hoax. However, that doesn’t mean there’s going to be a “monster attack” on the internet. I -don’t- know for sure that there won’t be, of course, but it’s unlikely to happen unless the Conficker gang can see a profit in it, whereas there are certainly ways in which they can profit -without- bringing down the ‘net.

Given the apparent size of the botnet, there could be very large-scale attacks on individual targets: DDoS attacks, for instance. That’s quite a different issue, though, and not at all novel.

]]> By: Randy Abrams http://blog.eset.com/2009/04/09/confounded-by-conficker-not-so-dozy/comment-page-1#comment-43386 Randy Abrams Sun, 12 Apr 2009 17:54:16 +0000 http://www.eset.com/threat-center/blog/?p=954#comment-43386 I can't speak for David Harley, but I can tell you this much. if you would simply listen to me you would not be at all confused. Take the proper security precautions for dealing with all threats and you don't have to worry about conficker. If you are worried about conficker then you need to get educated. conficker is only a threat who leave themselves exposed to hundreds, if not thousands of worse threats. do you drive around only worried, or particularly worried about one make and model of car on the road? Do you drive less defensively if there is a toyota on the road with you than if there is a Honda on the road with you? Conficker is one of thosands of threats. worry about security, not the specific threat... it's the only intelligent approach. Randy Abrams Director of Technical Education I can’t speak for David Harley, but I can tell you this much. if you would simply listen to me you would not be at all confused. Take the proper security precautions for dealing with all threats and you don’t have to worry about conficker. If you are worried about conficker then you need to get educated. conficker is only a threat who leave themselves exposed to hundreds, if not thousands of worse threats. do you drive around only worried, or particularly worried about one make and model of car on the road? Do you drive less defensively if there is a toyota on the road with you than if there is a Honda on the road with you? Conficker is one of thosands of threats. worry about security, not the specific threat… it’s the only intelligent approach.

Randy Abrams
Director of Technical Education

]]> By: Joe Sakic http://blog.eset.com/2009/04/09/confounded-by-conficker-not-so-dozy/comment-page-1#comment-43364 Joe Sakic Sun, 12 Apr 2009 02:15:12 +0000 http://www.eset.com/threat-center/blog/?p=954#comment-43364 It's funny how on this blog you have been trying to downplay the Conficker worm... and now you're coming up with several posts about how it does this and that... and oh maybe we need to revise our previous tone. How many times are you going to change your mind? Is it a real threat or as you say "I still don’t think it’s going to do “enormous harm” in terms of a monster attack: ". How exactly do you know that for sure? Please try and be consistent, as some readers here who have RSS feeds are getting confused by posts that conflict with one another. Cheers. It’s funny how on this blog you have been trying to downplay the Conficker worm… and now you’re coming up with several posts about how it does this and that… and oh maybe we need to revise our previous tone.

How many times are you going to change your mind? Is it a real threat or as you say “I still don’t think it’s going to do “enormous harm” in terms of a monster attack: “. How exactly do you know that for sure?

Please try and be consistent, as some readers here who have RSS feeds are getting confused by posts that conflict with one another.

Cheers.

]]>