The media is buzzing about the most hyped doomsday threat since Y2K - the Conficker worm. But what is fact and what is fiction? While Conficker is not a threat to take lightly, much of the information being circulated about the worm has been sensationalised and is riddled with inaccuracies. Mary Landesman, senior security researcher at ScanSafe, sets the record straight.
Misconception: The Conficker worm is a ticking time bomb that will detonate on 1 April.
Truth: There are multiple variants of Conficker. Each variant generates a fresh list of candidate command-and-control domains every day and tries to contact them, so every variant is in continual contact with its controllers rather than waiting for a single date. A few of the less common variants switch to a new, much larger domain-generation schedule on 1 April; that is a change in how the worm looks for instructions, not a payload trigger, and security researchers do not attach any significance to the choice of 1 April for this small collection of variants. The majority of Conficker variants, including the B variant, which is the most common, do not have 1 April check-in dates.
Misconception: The Conficker worm can spread via infected websites.
Truth: The Conficker worm is an internet/network worm. It does not spread via compromised or 'infected' websites. It spreads by exploiting the Server service RPC vulnerability described in MS08-067 (patched in October 2008), which is reachable over SMB from any host on the network, so the exposure is unpatched machines, not browsers. In addition, Conficker (aka Downadup) also spreads via autorun.inf on removable media and via network shares protected by weak passwords, which it attacks with a built-in list of common passwords.
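As an added example (not part of the original article or of ScanSafe's own material), the following PowerShell script checks a single Windows host against the three propagation vectors just described: the MS08-067 patch, AutoRun, and local accounts a password-guessing attack would find trivial. It assumes PowerShell 2.0 or later run as an administrator; the hotfix number KB958644 is the one Microsoft assigned to the MS08-067 update, and NoDriveTypeAutoRun is the standard Explorer policy value for disabling AutoRun.

```powershell
# Added example (not from the original article): audit one Windows host for the
# three Conficker propagation vectors named above. Assumes PowerShell 2.0 or
# later running as an administrator; nothing here removes an infection.

function Test-MS08067Patched {
    # KB958644 is the hotfix number Microsoft assigned to the MS08-067 update.
    # Caveat: Windows 7 and later shipped with the fix built in, so the hotfix
    # entry only exists on XP, Server 2003, Vista and Server 2008 hosts that
    # were patched separately; treat a "false" on newer systems with care.
    $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    return ($null -ne $hotfix)
}

function Test-AutorunDisabled {
    # NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is off;
    # 0xFF covers every drive type, including the removable media Conficker uses.
    # The machine-wide (HKLM) policy wins, but check the user hive too.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
        if ($null -ne $item -and (($item.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF)) {
            return $true
        }
    }
    return $false
}

function Get-WeakLocalAccounts {
    # Conficker brute-forces the ADMIN$ share with a built-in list of trivial
    # passwords. Enabled local accounts that require no password at all are the
    # easiest targets; WMI exposes that flag directly.
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount = True" |
        Where-Object { (-not $_.Disabled) -and (-not $_.PasswordRequired) } |
        Select-Object -ExpandProperty Name
}

function Get-ConfickerExposureReport {
    $patched = Test-MS08067Patched
    $autorun = Test-AutorunDisabled
    $weak    = @(Get-WeakLocalAccounts)
    New-Object PSObject -Property @{
        ComputerName            = $env:COMPUTERNAME
        MS08067Patched          = $patched
        AutorunDisabled         = $autorun
        AccountsWithoutPassword = $weak
        # Any one open vector is enough for the worm to get in.
        Exposed                 = (-not $patched) -or (-not $autorun) -or ($weak.Count -gt 0)
    }
}

Get-ConfickerExposureReport | Format-List
```

Two caveats when reading the report. First, the hotfix check only tells you about the one update; an unpatched host that is also firewalled from TCP 445 is still exposed to the other two vectors. Second, on the older systems the worm targets, the NoDriveTypeAutoRun value was not fully honoured for autorun.inf on removable drives until Microsoft shipped a separate AutoPlay update, so a passing AutoRun check is necessary but not sufficient; the password check likewise finds only accounts with no password, not accounts whose password is merely on the worm's list.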
Misconception: Conficker can spread via social networking sites such as Facebook and MySpace.
Truth: Conficker does not spread via Facebook or any other social networking site, nor by any social engineering method. As noted above, Conficker is an internet/network worm, not web-delivered malware. The Facebook example provided during the 60 Minutes broadcast actually pertained to the Koobface social networking worm.
Misconception: Conficker is the most dangerous internet threat to-date.
Truth: Conficker was originally designed for rogue affiliate advertising. The biggest threats facing users today are the data theft Trojans being widely distributed through compromised websites. While infections by worms such as Conficker are very noticeable and thus gain tremendous media attention, the most dangerous data theft Trojans are very silent and typically their presence goes unnoticed. This can lead to wide-scale compromise of sensitive information. Data theft Trojans were behind the recent breach disclosed by Heartland Payment Systems, as well as the recently disclosed espionage-style attacks on Tibet and other foreign embassies.