News Column

Experts: Media Hype May Have Thwarted Conficker -- But Don't Get Too Relaxed

April 7, 2009



It was an odd phenomenon: The more media stories you saw about the massive Conficker computer worm that was supposed to wreak havoc on April 1, the less likely it was that anything would happen on that day.

Executives from a leading computer-security firm say that although widespread media coverage -- some might call it hype -- may have thwarted Conficker on that day, the virus is still very much a threat.

"In the beginning, someone said there is going to be a major crashdown on April Fool's Day," Juan Santana, CEO of Spain-based Panda Security, told "Some guys in the media picked it up, and it generated a lot of noise."

That noise, in turn, may have dissuaded the virus's still-unknown authors from acting -- for now, he said.

First detected this October, the Conficker computer worm targets the Microsoft Windows operating system. Experts believe about 10 million computers have been infected, the vast majority of them outside the United States. Though it was widely believed that the infected computers would be used maliciously on April 1, nothing happened.

But Santana said it's only a matter of time.

"Eventually it will happen, because there are lots of computers that are compromised," he said.

The April 1 date was widely publicized for a reason.

That was the day the infected computers were programmed to "phone home," or check in with the master server to see if they should perform a malicious task, said Carlos Zevallos, a security evangelist for the company.

However, there was no particular reason the task had to be carried out on that day. And the more attention the story drew, the less likely it was that the creators of the Frankensteinian network of zombie computers -- known as a "botnet" -- would feel inclined to flip the switch on that given day, Zevallos said.

As an analogy, Zevallos invoked the idea of a work teleconference. The boss may order people to call in on a certain day, but could easily reschedule if something comes up.

"The whole business mode is to turn machines into part of a botnet they can use to do various things, such as steal data, initiate attacks," and the like, he said Tuesday.

Like a surprise attack or burglary, it makes much more sense to do this when the victims are unsuspecting.

"It was a good thing there was attention paid, but the amount of attention was inordinate when weighed against the reality of the actual threat," he added.

Panda Security officials say the bottom line for hackers these days is money: "It is a real business," Santana said.

Santana believes that the majority of the estimated 10 million infected computers are located in areas where piracy reigns supreme and computer security is lax, such as Asia and Latin America. Experts believe only about 6 percent of the infected computers are in the United States.

To illustrate one of the many ways in which the computers could be used maliciously, Santana cited spam.

The zombie computers could be used to collect emails in the hopes of selling them to an unscrupulous distributor of a popular online product, like, say, Viagra or porn, he said.

The virus creators could approach such a vendor and say, "Pay me $300 and I have the ability to send a million emails which are not going to be detected as spam," Santana said.

In general, to avoid computer infections, users should browse responsibly, Santana said.

"You don't go around a bad neighborhood in a big car or with a wallet in your hand," he said. "There are some bad neighborhoods on the Web."

Santana said many computers became infected by Conficker when their owners visited sites that allowed them to download illegal software, such as pirated versions of Microsoft Office. Others, he said, were infected on porn sites, as well as a specific music-downloading site called

He advised users to purchase the latest update from Microsoft Office, as well as good anti-virus or computer security software.

"Obviously, I always recommend Panda, but there are others out there," he said.

Panda, he added, has created a free tool called a "USB vaccine." The tool protects computers from being infected via CD or USB flash drive, often referred to as a "thumb drive."

Zevallos said high-profile malware such as Conficker can be a double-edged sword when it comes to public awareness.

On the one hand, the hot glare of the spotlight can scare away that particular cockroach, but on the other hand, it takes the attention off all the others out there.

As an example, Zevallos cited a lesser-known computer worm called "Storm," which he said is at least the size of Conficker.

"(Conficker) is a nice story; it's something people can look for on a date," he said.

Ironically, the Conficker virus might have been good for business at Panda, Zevallos acknowledged, though he added he doesn't have access to sales figures.

"But certainly, inquiries and things like that, they do rise whenever threats are made public," he said.

Source: (c) 2009. All rights reserved.
