Security Vendors Deserve Some Credit for Conficker Response
Sure, there was hype leading up to the Conficker catastrophe that never came. But CSO Senior Editor Bill Brenner thinks security vendors and their PR reps deserve some credit for restraint this time around.
By Bill Brenner , Senior Editor
April 01, 2009 — CSO —
I planned to make this a column about how the security vendors and PR flaks blew things way out of proportion with Conficker. I was ready to take them to task for predicting an Internet meltdown at the hands of what is no doubt the most prolific piece of malware we've seen in some time.
Instead, I feel the need to give them a little credit for showing more restraint than they've shown in the past.
Make no mistake about it: There was plenty of vendor-generated FUD circulating on this one, and my e-mail inbox was flooded with gems that included a pitch on how one vendor will show how easily Conficker can take down a virtual network at the upcoming RSA security conference.
"The virtualized data center presents an especially fertile habitat for Conficker because of the lack of visibility and control present within the virtualized environment," the e-mail pitch warned. "Communication between VMs on an ESX server doesn't touch the physical network, making it invisible to traditional network monitoring tools and unprotected by physical network security devices. As a result, it is easy for worms like Conficker to spread quickly in this environment."
Oh yeah, and don't forget to buy said vendor's virtual firewall. It's the first firewall of its kind, after all.
Another PR e-mail noted that while its vendor client has seen very limited activity to date with Conficker, "Conficker should still be considered a serious threat [because] millions of machines are infected and the capability is definitely there for attackers to use the network for nefarious purposes."
But I also found an abundance of vendors who went out of their way to talk everyone off the FUD ledge. When one British tabloid wrote that "Millions of computers around the world could go into meltdown April 1 because of a deadly virus," Sophos Senior Technology Consultant Graham Cluley responded in his blog that it's easy to see why, with headlines like this, people are in such a panic.
"It's just as likely that Conficker will receive instructions to do something on March 28th, or April 2nd, or April 14th as it will on April 1st. The emphasis by some media outlets on April 1st is really unfortunate," he wrote.
Luis Corron, a director at Panda Security, sought to cool heads in a blog post entitled "Don't get taken in by the Conficker Panic." He noted that the bad guys aren't going to melt the Internet because they need the infrastructure up and running to engage in their money-making exploits.