Truth and misconception about the Conficker worm
(31/03/2009)
While Conficker is not a threat to take lightly, much of the information being circulated about the worm has been sensationalized and is riddled with inaccuracies. Mary Landesman, senior security researcher at ScanSafe, sets the record straight:
Misconception: The Conficker worm is a ticking time bomb that will detonate on April 1st.
Truth: There are multiple variants of Conficker. Each variant checks in with the command and control servers at regular intervals. A few of the less common variants have a check-in date of April 1st. Security researchers do not believe there is any significance to the choice of April 1st for this small collection of Conficker variants. The majority of Conficker variants, including the B variant which is the most common, do not have April 1st check-in dates.
Misconception: The Conficker worm can spread via infected websites.
Truth: The Conficker worm is an Internet/Network worm. It does not spread via compromised or ‘infected’ websites. It spreads by exploiting the RPC handling vulnerabilities described in MS08-067 (and patched in October 2008). In addition, Conficker (aka Downadup) also spreads via autorun and via weakly protected network shares.
Misconception: Conficker can spread via social networking sites, like Facebook and MySpace.
Truth: Conficker does not spread via Facebook or any other social networking or social engineering method. As noted above, Conficker is an Internet/Network worm, not Web-delivered malware. The Facebook example provided during the ‘60 Minutes’ broadcast actually pertained to the Koobface social networking worm.
Misconception: Conficker is the most dangerous Internet threat to date.
Truth: Not true. Conficker was originally designed for rogue affiliate advertising. The biggest threats facing users today are the data theft trojans being widely distributed through compromised websites. While infections by worms such as Conficker are very noticeable and thus gain tremendous media attention, the most dangerous data theft trojans are very silent and typically their presence goes unnoticed. This can lead to wide-scale compromise of sensitive information. Data theft trojans were behind the recent breach disclosed by Heartland Payment Systems, as well as the recently disclosed espionage-style attacks on Tibet and other foreign embassies.