
The media is buzzing about the most hyped doomsday threat since Y2K: the Conficker worm. But what is fact and what is fiction? While Conficker is not a threat to take lightly, much of the information being circulated about the worm has been sensationalised and is riddled with inaccuracies. Mary Landesman, senior security researcher at ScanSafe, sets the record straight.
Misconception: The Conficker worm is a ticking
time bomb that will detonate on 1 April.
Truth: There are multiple variants of
Conficker. Each variant checks in with the command and control
servers at regular intervals. A few of the less common variants
have a check-in date of 1 April. Security researchers do not
believe there is any significance to the choice of 1 April for this
small collection of Conficker variants. The majority of Conficker
variants, including the B variant, which is the most common, do not
have 1 April check-in dates.
Misconception: The Conficker worm can spread
via infected websites.
Truth: The Conficker worm is an internet/network worm. It does not spread via compromised or 'infected' websites. It spreads by exploiting the RPC handling vulnerability in the Windows Server service described in MS08-067 (and patched in October 2008). In addition, Conficker (aka Downadup) also spreads via autorun on removable media and via weakly protected network shares.
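The three spread vectors named above each map to a host-side check. The PowerShell script below is an added example, not code from the article or from ScanSafe: it reports whether a Windows host is exposed to the MS08-067 Server service flaw, to autorun, and to share brute-forcing via a weak local password policy. The KB identifier (KB958644 is the update Microsoft shipped with MS08-067), the NoDriveTypeAutoRun registry policy and the 0xFF value, and the password-length threshold of 8 are my assumptions about the Windows configuration, not details the article states.

```powershell
# Added example, not code from the article or from ScanSafe. Reports whether a Windows
# host is exposed to the three Conficker spread vectors named above: the unpatched
# MS08-067 Server service flaw, AutoRun, and weakly protected network shares.
# Assumptions (mine, not the article's): KB958644 is the update MS08-067 shipped as;
# NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type. Run elevated.

function Test-Ms08067Patched {
    # Get-HotFix reads Win32_QuickFixEngineering; KB958644 is the MS08-067 update
    $fix = Get-HotFix | Where-Object { $_.HotFixID -eq 'KB958644' }
    if ($fix) {
        Write-Host "OK: MS08-067 (KB958644) installed $($fix.InstalledOn)"
        return $true
    }
    Write-Warning 'EXPOSED: KB958644 missing, Server service is exploitable over RPC (TCP 445)'
    return $false
}

function Test-AutoRunDisabled {
    # The policy may be set at machine or user level; 0xFF (255) disables AutoRun for all drive types
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($key in $keys) {
        $val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($val -eq 0xFF) {
            Write-Host "OK: AutoRun disabled via $key"
            return $true
        }
    }
    Write-Warning 'EXPOSED: AutoRun enabled; an autorun.inf on a USB stick or mapped drive will be honoured'
    return $false
}

function Get-DiskShares {
    # Type 0 = ordinary disk share. Admin shares (ADMIN$, C$) carry the 0x80000000 bit and
    # are reached by the worm with guessed passwords, so the password policy below matters too.
    Get-WmiObject Win32_Share | Where-Object { $_.Type -eq 0 } | Select-Object Name, Path
}

function Test-PasswordLengthPolicy {
    # The worm tries a short list of trivial passwords against shares; a minimum length of 0
    # means blank passwords are allowed. Parses the local policy from 'net accounts' output
    # (assumes an English-language Windows install).
    $line = (net accounts) | Select-String 'Minimum password length'
    if (-not $line) { Write-Warning 'Could not read password policy'; return $false }
    $min = [int](($line.Line -split '\s+')[-1])
    if ($min -ge 8) {
        Write-Host "OK: minimum password length $min"
        return $true
    }
    Write-Warning "EXPOSED: minimum password length $min allows trivially guessable share passwords"
    return $false
}

$patched   = Test-Ms08067Patched
$noAutorun = Test-AutoRunDisabled
$shares    = Get-DiskShares
if ($shares) {
    Write-Host 'Disk shares reachable from the network (verify each has a strong password):'
    $shares | Format-Table -AutoSize
}
$pwPolicy  = Test-PasswordLengthPolicy
if ($patched -and $noAutorun -and $pwPolicy) {
    Write-Host 'No Conficker spread vector open on this host'
}
```

Status messages go to the host via Write-Host and Write-Warning rather than Write-Output so that each Test-* function returns a single boolean and the final combined check stays meaningful. The share listing is informational: Win32_Share does not expose who can write to a share, so each listed share still needs its permissions and the account passwords reviewed by hand.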
Misconception: Conficker can spread via social
networking sites such as Facebook and MySpace.
Truth: Conficker does not spread via Facebook
or any other social networking or social engineering method. As
noted above, Conficker is an internet/network worm, not
web-delivered malware. The Facebook example provided during the
60 Minutes broadcast actually pertained to the
Koobface social networking worm.
Misconception: Conficker is the most dangerous internet threat to date.
Truth: Conficker was originally designed for rogue affiliate advertising. The biggest threats facing users today are the data theft Trojans being widely distributed through compromised websites. While infections by worms such as Conficker are very noticeable and thus gain tremendous media attention, the most dangerous data theft Trojans are very quiet and their presence typically goes unnoticed. This can lead to wide-scale compromise of sensitive information. Data theft Trojans were behind the recent breach disclosed by Heartland Payment Systems, as well as the recently disclosed espionage-style attacks on Tibetan organisations and foreign embassies.