Contrasting opinions on the impact of Conficker have emerged following a huge media awareness campaign.
C. Edward Brice, SVP Worldwide Marketing at Lumension, claimed that the latest network traffic in China indicates that Conficker will not materialise into the ‘overhyped sensation that it turned out to be’; however, the publicity has created awareness.
Brice said: “If there is one gift from Conficker it's that it served as a wake-up call to everyone in that we must all realise that traditional signature-based perimeter defences are no longer effective in stopping sophisticated malware attacks.
“Organisations today must add new technologies and layers of defence such as device control and whitelisting-based application security if they are to have effective approaches to combating malware.
“However, let us not forget the most important lesson of all in that if organisations were vigilant in their vulnerability management process and patched a known software vulnerability back in November of 2008, Conficker would have been nothing more than a tiny blip on the radar screen.”
However, Mark Osborne, director of information security at Interoute, claimed that he has seen prevalent Conficker activity in Frankfurt, London and Milan, with the overall number of alerts per hour doubling as of 9am today.
Osborne said: “However, it is not currently being used to launch an attack on a specific target. We are not expecting the owners of the Conficker botnet to fire off a large-scale DDoS attack as this would cause them to lose their asset.
“If any attack is launched, the participating machines can be detected and cleaned, leaving the owners with no asset. Having said that, the owners may want to show off a little bit and prove that they do own the asset, so we are keeping an eye out for a gesture DDoS attack.”
He further claimed that organisations should look at next-generation networks with built-in DDoS defence capabilities, as these attacks can only be defended by a substantial resource dedicated to fending off the threat embedded in the core of a substantial network, so that latency and bandwidth are not impacted.
Osborne said: “The absence of a ‘Gesture Attack’ will no doubt mean that the botnet will be used for SPAM and general Trojan activity (i.e. sniffing for passwords and credit cards) which is bad news for over-strained email inboxes – a massive increase in this activity may well test in-house solutions which are often size constrained.”