The final word on Conficker?

Opinion by draywood

On Friday at the end of a very busy week, I met Rodney Joffe, senior vice president and senior technologist of Neustar and a director...

On Friday at the end of a very busy week, I met Rodney Joffe, senior vice president and senior technologist of Neustar and a director of the Conficker Working Group.

Keen eyed readers of SC Magazine will have seen the two stories I managed to write from an in-depth hour spent with Joffe, including his claim that the worm could result in the loss of human life, and another where he believed that the worm was responsible for the Ealing Council shutdown.

What was also interesting about this particular meeting was Joffe's insights and statistics on the worm, including his claim that the ‘US government is looking at working with the group as an example of how to bring the industry together' and how Conficker uses MD6 so there is not an issue of breaking the cryptography.

There was also a strong sense of pride when he told me that ‘Obama referred to Conficker and the Working Group as a lack of preparedness and effect'.

So apart from the claims that were turned into news stories, what also caught my attention were the claims about the 1st April. SC was one of the first to talk about the fact that something actually happening on that date, and followed this up with a story about variant ‘E' a week later.

Joffe said: "On the 1st April nothing happened so many people ignored it, but this is a major player in the underground and when you develop a piece of malware you want it to be rigid and impossible to detect and remove, the authors used cryptography at the leading edge and that is part of the problem.

"People say nothing happened on 1st April, it did an update but it has been affecting British business since January 2009 but I am not aware of anyone who is adding up the cost of Conficker - Ealing has a £501,000 bill, but the real cost needs to be conducted."

Joffe was also cagey on the total amount of infections, some reports claim that it was five million while eight or nine million infections had been reported. This was dubious, according to Joffe, as he claimed that ‘many businesses will use one IP address for 1,000 staff'.

Either way, there is no doubt that the headlines made by Conficker in March and April turned a lot of people on to security and made them much more aware. The lessons learned by the industry will also be long remembered, and as Joffe claimed, next time we will be much better prepared.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events