Wednesday, April 1, 2009

Security managers concerned but confident about Conficker on eve of expected attack

With uncertainty looming large over what the newest version of the Conficker worm might do starting Wednesday, security managers said they were concerned by the threat but confident about their ability to deal with it.

For the most part, companies that have patched the vulnerability that the worm exploits and updated their antimalware and intrusion-detection software should be adequately protected against the threat, security managers and analysts said. Even so, the amount of hype generated by the worm is pushing some to review their measures once again and tweak them as a precautionary measure.

"We are concerned," said Matt Kesner, chief technology officer at law firm Fenwick & West LLP in San Francisco. He noted that several security analysts think that the worm is extremely well-written and updated to respond to counter security measures.

"This has caused us to take it more seriously than most virus and worm threats," Kesner said. In addition to ensuring that all of its computers have been updated with Microsoft's patch, Fenwick & West has instituted a new procedure to "scan every file download from the Web" to make sure nothing malicious gets past the company's defenses, he said.

The Conficker worm, which previously was also known as the Downadup worm, surfaced last year and has emerged as one of the biggest recent threats, both in terms of the number of PCs it has infected so far and for the sheer publicity it has received.

Though exact numbers are hard to come by, the worm, which takes advantage of a vulnerability in Windows, is so far believed to have infected millions of PCs worldwide even though a patch for the worm has been available since last October.

Since first appearing last year, the worm has so far mutated into three different versions, each one more sophisticated than its predecessor.

The latest version, known as Conficker.c, features several measures for evading detection and is programmed to start contacting its command and control servers on April 1, presumably to receive further instructions on what to do next. The mystery surrounding the worm's next move -- and its recent featuring on CBS's 60 Minutes -- has attracted more attention to the worm than is usual.

"The 60 Minutes segment certainly has caused CIOs to ask about Conficker," said John Pescatore, an analyst at Gartner Inc. "It is just like the old Slammer-Blaster days," Pescatore said, referring to the last really big mass worm to hit the Internet.

While the Conficker worm certainly represents a serious threat to enterprise and home PCs, the approaching deadline is not as serious as the media hype would suggest, Pescatore said. "Conficker is not a noisy attack, and it does a good job of hiding itself," he said. "So, some FUD [fear, uncertainty and doubt] has been justified, but the April 1 deadline has been way overhyped."
