Wednesday, April 1, 2009

The real payload in conficker - damage to our reputation.

This week has belonged to conficker. We had 60 Minutes do a story about malware, including conficker, and there have been thousands of stories out there this week about the "attack" that conficker is going to launch on April 1st. And just like Y2K, nothing has happened.

There was a lot of conflicting information being reported around the Internet too. Some sources were saying that Conficker was programmed to attack or deliver its payload on April 1st. Others were saying that it was going to start spreading itself on April 1st. I pulled up and took a look at the discussions around conficker and the buzz was huge. The only information (true or false) that wasn't getting widespread reporting was the fact that most security professionals were pretty calm about this. Particularly displeasing is that I got Rick Rolled twice while reading the articles about what was going to happen or what has happened because of conficker. For revenge, I'm going to use this day to send out a mass goatse.

The real damage that has been done here is that to our reputation. We sort of came off as the boy who cried wolf on this whole conficker thing, and the really unfair part is that I don't know any reputable security professionals that were predicting the doom and gloom that was attributed to us. Here is a choice quote: "No this is not an April Fool's Day joke, this is serious. Every few years, the internet is hit by a vicious malware that wreaks havoc on computers. Experts are racing against time to mitigate the impact of this hazard. For some reason, malware creators like to target April Fool's Day and this latest attack, known as Conficker C, is rumored to be the most damaging attack seen in years." Or how about this one from "Experts are unsure whether Conficker will simply display a harmless April Fools Day message or, for example, begin harvesting PC user names and passwords or even erase hard disks."

I don't know if it was the media, or paranoia, or people that didn't have all the facts, or just plain bad luck that caused this to blow up into the boogieman that it became. Regardless, I think we should find the culprit and shoot him/her/it. People are going to stop considering our warnings to be credible because of crap like this. Today the buzz on twitterfall is how conficker turned out to be nothing. Now the pendulum has swung in the other direction and people are feeling like you can ignore conficker, which is also bad. Here are some choice quotes:

@net_news: "CONFICKER IS NOT HAPPENING. IGNORE CONFICKER. [Conficker Is Not Happening. Ignore Conficker]"
@H_i_R "@infosecsurvivor The conficker is a lie! "
@basseq: "Man, Conficker is causing some pretty serious problems here today. Not the actual virus, mind you, but the threat."
@angelcastaneda: "Oh, I see what Conficker does: It dumps a foot of snow on your car!"

In my opinion, the best twitter advice on conficker came from @marcusjcarey: "Security Professionals must remember the 'Little Boy Who Cried Wolf' ie. manage expectations #conficker". If only it were the security professionals' fault.
