|
|
|
10 Reasons Why Conficker Can Happen Again
By: Don Reisinger
2009-10-28
Article Rating:  / 4
There are 6 user comments on this Network Security & Hardware story.
10 Reasons Why Conficker Can Happen Again (
Page 1 of 2 ) News Analysis: The Conficker worm affected users nearly one year ago. But now that it has left the headlines, there might be a false sense of security in the Windows ecosystem. There shouldn't be. Even the most up-to-date security programs are hard-pressed to keep up with the latest threats. There are countless millions of PCs and thousands of applications that aren't protected by the latest security software or have never been patched to close known security flaws. There is no telling when some new virus or Trojan as cunningly malicious as Conficker will appear.It was just under a year ago that the Conficker worm was first detected. It
was ravaging Windows PCs all over the world. The worm exploits Windows flaws to
link the host computer to virtual command that can be controlled by the worm's
remote authors. Conficker still controls millions of computers all over the
world.
But as Conficker
fell from the headlines, many of us forgot about its potential danger. And
in the course of a year, not much has been done to ensure that a major breakout
of Conficker or something similar won't happen again. Simply put, the threat is
still there and, unfortunately, it can impact users once again.
Here's why:
1. Security is a "catch-up" game
Unfortunately, operating system security isn't proactive. In most cases, an
issue erupts and the security community scrambles to fix it. That happened
with Conficker. And since the worm is still impacting the globe, there's little
chance that it won't continue to happen. We need to catch up to the malicious
hackers.
2. Blame the users too
Users don't spend enough time focusing on their own security. Conficker was
able to infect so many computers because users just don't know how to handle
security issues when they arise. It gets worse when Microsoft releases a
security patch for Conficker and a large portion of its users (30 percent,
according to most estimates) don't even patch their systems. Until users
understand the security ramifications of their actions, Conficker can very
easily happen again.
3. Malicious hackers are becoming more sophisticated
Since Microsoft and security firms are doing a better job of combating
security issues, malicious
hackers are becoming more sophisticated. Nowhere is that more evident than
in Conficker. It wasn't a simple Trojan or virus. It was designed specifically
to capitalize on the weaknesses inherent in Windowsusers and code. It was a
sophisticated attack. And so far, the security community is having a hard time
combating it.
4. Windows is still Windows
It's no secret that Windows isn't the most secure operating system on the
market. Most malware producers see it for what it really is: an easy target.
Not much has changed over the past year. There's no reason to suggest that
anyone who wanted to mimic Conficker's impact couldn't do it again. Windows is
still Windows.
5. Security programs aren't up to the challenge
Although there are several antivirus and anti-spyware programs available to
Windows PCs, the
vast majority of those machines simply don't have the capability to identify
and remove all the security threats that impact the Windows ecosystem.
That's precisely why security experts tell users to have more than one security
program running at all times. Until security programs can effectively manage known
issues, how can we expect them to manage the unknown?
| | Reader Comments: 10 Reasons Why Conficker Can Happen Again | | >>> Post your comment now!
| | VulnerabilitiyA couple of quick things to mention; Secunia PSI (Google it) is a easy way to check for old software with vulnerabilities, and gives simple answers... Posted At: 10-31-09
By: Anthony | | | | | | Multiple AVs ProgramsYou claim "that's precisely why security experts tell users to have more than one security program running at all times." I take issue with the... Posted At: 10-30-09
By: Anonymous | | | | | | A user comment on this articleThe comment about you not being able to be proactive towards security and that we are only able to "react" is a false-statement. Companies like eEye... Posted At: 10-29-09
By: Anonymous | | | | | | sleep well anywayQuit losing sleep over the ones you lose. At least you have deniability: you can say "I told you so." Or, as the conventional wisdom has it, "Don't... Posted At: 10-29-09
By: Stratocaster | | | | | | Just do the right thingsIf you follow even reasonable security protocols, this stuff passes you by. Unfortunately, that's hard to do. I argue on a weekly basis with my boss... Posted At: 10-29-09
By: Dan Sichel | | | | | | Conficker Isn't the ProblemThe problem is the IT community's (lack of response) response to the problem(s). By all acounts it's a significant problem- 90% of email traffic is... Posted At: 10-29-09
By: BobboMax | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������x}ks㶲*�Q3Co{)ٖ:c[>fIm�!1EmM
/=hɏsw&-�`�n4���Iș�=&1(ٝ:FߧCޚ%w>;�&(ˑ�ԫ��R]}�n�w2v=7v@\��}@^cFw��D%x�_'Щ�ѩ�wɄIP�ް+S}L}�F�6�\�3�Ѣe��eb
^Pk$ȁ_
ܢ�%yH}�u)p}(DsXq@��G�Ha��T<ش�'�}RTR/F�<��w�kb�|�5~yf� �;�U;ar7@Sѡ*v�25v+n
�/�@^��c\ȁ\nh�=�T��L=iT�VE��;&�3ÝtXF?D���Cr<�r@J�53ҧ�=SےO=s��뺎;�5H��`��ZT$ny$DJH�n6�,!\�G-%0/`=2}h���.*�!}=
:Ї7cϙ>y֛I�]Ԓ],r"U)����wC'��>dС!ZdQ=}ٗe��fe�o6
usRM*AR,הb~/^ߙiM�7?toߺgJY4Ew/ڧ9��~�]`
v$���yEs3�i^�wD߀*�0QI-�i|/�Z@��::fv}��j�#ty�[^ Ԋh�ZAAv��,f3}�3�+i3*5dvw,?[Z�U"UuY6f0Zh�C�A+tV?#[sHժ}qܹ�9n}n�
_Gt@
��Wh: Noz�6O{:$O-rK=����j����Z-$5�QeL�xY$Y.�qz;?#�[W )�@}�9\P�lmV7-}`Z`1 �5fCJKm@i0x�zE�ȣ��$@�!��-i]�R@A�z68��-�8�,rr8����ޑ�vZ*&R��P*m=!ԑt挝Z*ݗh3aGe�-n^
$�d6g2+IMipj1!U�G�,D`v9J,L��.�[
O�6�jԍe�bQ9дZ
�hқ�̡ K9b�i]y�ge&,`b� ȱ�&�#
K8Y�)�0�cϹ`��
�Iױn)`6Ê0ӊYsƾ��
s��>�xF~KM�95mX0NDWj�m>!4ÃiА4XĹæ笳Z&5�SN`3!W6ql9`n5�ډ<\y͏O���@}(�N5i�:O̗SږiMS�}77UBgsNPB/W2 \_&VAB5
6d:ɤPl';oW f4ݤ|r%e�{Rr=""�ǰ]_7n�>DL)^HIRЙj!@�9z٧l�)�?ΖuV�kͲ�{_�No6�Ҟy4�m�
{g�@x�� dlK/,:�+c:JK�_ji��hH*6�@\X1,#��%Σ�?0�Z�Ԓ6;6Ϟ#}nvP
jrA5 )Kb�4EsXjgܰ��&���P
���!r?�Ll5K� թw@�4�="I;k\Oǎ�hr��Ng��G ��ǏipLa e ֤ԪLM>kQ@��_ƅ/c%�|o2rl\�:|ꚺ8--�'uaGhJ37s4&UE8`
;Dz�Ӝh2�F��ÑiHuߴ�IFʫ%e�&-�KrI)jLycl
�ԑq,�Y�X�Tȱ,.0}6u{NPOK-sӞ�@�#g@:"��GѠ�c�D8r_(+
cG��/:OQ�*#؊�W�k�h@c4e2f�L4_�0-8cJ�D9xXPr'R�B�
SK@G�Z``EL�s�ǖ�YCǖbT۔Ђ���|T�=OҶ@%�ХÙ.pӞ�rFVyYBf?K�~T+BZ=L
AQT*8Y+0yϸoGL]:��h�/Op}}O}Ө7?�'_Z^Sz~gn-!'�שeXTe���1�0k��fW��#cJI+$#�v�*'
L-`����wf^=/YQSןlf#�1��8�D"pL.Ǧ?_C#�+Z
&`�|ѺI�Pɑ!Y�d:w@�ݐ�?�z7f��y�@L� G�z�x��؝�L�HuҜ�1o:+@�5-r
I� �h��5�[S3GťR�
����#f�
>Lu��*Z֬}\�b^
�چH��B&:Gd@���#`ЎT8^w\܁c:P>H(TX�g7cMEH]ac6U�{z@n�)Z/GGvhT�JD噛>�7=ϼd[̌<9y�n2$8z0JL;O%95$_ۂ�3BuItLe``l�ԇ73W>�yUm{6~
&zi0bw)n<0{�L3gJ�=6
Ph�o4r�l2~6PZMm"z';"#�əV �̼k~{?I�L-�yTJJ\�ӳ
$J+@:erЗS~<�^gTU;My�Rf̚,*C�jm>a,0r&]C)&!jخOl�I�TY�) �q
g@Zf2U)+e"m=O�\X��Z>���&R�rEu�E�;tЋ7*P#I�{(U?"⃤:n2R�BE-) CD�D\t��9
^��
lZv~ZC��kpo��=
2j>vR�`fK�&�2��_v�ܖ[J,]@��a
u0
mlrKz]wּXC8̕5%8IX�\%=QXt �Z:T!�odUT :*ijAROpӁ9tGl~" tDwe2qy27(k�Mn@���&ݙ}�adJ@*�5�]�*; 1s0�G\�0�R,W��zH��p?l��Z.+B�vA�*�s>P�9��ɷw�nhmCXx|{
`?K�{e, ,"z��дR#.=2��fV(Yŵ?hhqL��_~ۅ^kUeAb���E1 wcyJV�~�ZgZP�N0ƙ0ƶO:�=y>G�W~_He;�u�i� G߫%~KKx�fqoR>)��X|ptq,ϛ�Zb8�!�,5ށ�
�`i0Fnx{@(}�̿{9Ee}A0lgg^�hy- 8$+^s.7>/ėt:g+~R/ZR1^R`&�
yprU4+$Yy��|hq\3)6MF���0Sk�CwȰ�� �J_ƥsuܺ̂q�՜$�"j��ON3dn,Z4�ΊGA�
Bf/�3�b!|J�<�AP���{ r
H)'4
�YKtb;3Ğu=hh��!��:Uaҏ"�(BS.iDO�g4uԹjr#�l�}FF/JN�nV� R-[N7c+t,#?^/8�ʚ��=�?E]��N:n&=B2�^'68�]h)9��H�BE/p���"Ts
8zLLàv)fT��xi'>�gax!w,n?q�%՝b"w?BٸEO,}[�[&O#`A�S:%I�# �m$jRSfj�# $_2I,v+htlA͋ j��Ú�mf�.iغm|d`�\`ql)Za""|)Nr
>j�`e>�![yRb}�b%%h8W:Brc���?<-9G�s`:#<5�@´+4�zTVHlw3`=Ҷy~`ѴGNx�Ć#^@)s^XL2k=�x+�gY.t0w}d#Σd�fcT1;�'�]���9zl}
D{O{,�b8#�q����vϓ;~�\[ܕ𣉣S99P�n8C�gaBxYa1~h8Sݴ�?r!��iZWyw
j�`~%XDRo�BGH|9zÿ§G�� �[s�]3g伉a-ћnQW�{2�.}?I+I턟��y�cP]�Z�SϏ$٘NB�EWU-u*lko r�YpJEWVr;d�,�'c,n�9�P2QvA�JG3{ȶa�q�e�c�ov}{�U<� ᛟuϯ2i%~W�J�M݅[i}D)]K5"�v�ًKqɧyeQ�j�ȓG��D6K`!iv.R;+�!bi4V3�[T=}[fv?sD:�>dO#@/,v p6tY��~�AXy� �VorlK9Grs&�8<��� $F�euw#�S�''Sc3H�F#%k&OSϱ�mF�@|Ր�g��;as*|�b��\<�e�/&�qFL>�>b6,-�o(rx[>r<+xԲR#B<,\O�DŽ:w�kǻ᧔у�DA2If�\4d(,�x�SEGX?&Nc=(}�gILN0K`Bd\dAWAg\�
̿ �K=gjB{sL@-�rF[06|p4uYD�����fأw�ZLMsuTndAň~�wti
wR�JY,Lɒ+v>oW�H\JCym�"][U"+pL:bV9�k�i1�&rcHnnM/aa�V{R,S4jF�<�3��[�&oqBieÅAL"WQAJaՊ&X`��
.��"@�5Hr�Ol.$�tty*�j=v]S�Z%eI?y#~9-F@�0C^Y?KWfjR� �LAa�3ݳ�R+եB"9�O�];�-Bx#��tT>���QV>nJn4%Sn4Zd�v>]�tx[Jjm]�[ig+m��-Kl�s"�HBM�6sqT+�=��C1=ҁ�@C� JVjZېB)��Z�ֳe�=H6�jMY+Bϗ.uO,jI30%z
�[�PW:q;3$)Z��_> �J�T"�J�W՞B@"J1oE_yb0ч(ˡ#f|tx�@Ry�+M�z8+r0n8z3�D�`0e��
2o�o8��+;^;^;^;^_Z*Uէ;^cp/J:XsmP]*(���#bVz�_y~j{ڷubda�XHc
G{v�4�% Dj7Gt\|\6�g�v\j`#��q+EUVj>
{,�� G�?%@;D���J8�d烵!>�ݺ:J�!
tz� S�=�n et,��IZXP>-�l`�$l'o
[ Q�lWf�L瀲!'>%沜f@M(<;1at+�DK���p�АJjP(=q>�@0�J'&!���HǞ�!!"@c�rɋRqF���<��}Ja"[
oY9�ﺒz`(�8exQ�~�6`IrZ�ՍY�Su>� �{�5�̆\Z~vOF>F�nbH�N��̀ڂ"�-��D�bf'��u5g7�� ƕ"xG�>�|�҅T{>j5
ԆlXv�c需Gͥ,�$f4$^�S06�5
]+�<�H�0x$�^��>#�t#x�?$=<������`^�6TpAs�5]v\X�#F{z=�Sg2
I�/o+L��7E[u�I�~cm{Zd�ƶoi>�%�㡸$��Am~[��$W8��D6��ks�bQ}�k~蒙%[�O5�Ω�I\o6Y1|0i�W
a
ƺ~0GxN:t�8\cg[v_ru\m7מ9�p�Y�;J^+w nUM�+x A?W¨�1;2n:u\ݲ^��Hj3�[f�ߚG�b.{Y��M=xP!J�jf5�A�NMQd6S7{�M_ro��&`�l�j�V���S0(�V=~]��Uֿe=:unR2Y,3�eeXZcg3�F7A-
@ɼ#�Ь%5:&7UJD:`�5SXD)�2O�Jf�>5L/h`
�>D%�/'� z�towwv�{�s)5�17
�5wy_ڳKۨ_x��b��Ɨy�ҚX�'ɻZӈat�b�%1Y~�Gj���OP5f.f�:�!T� 07�^9o<\7#D<&ƘKjx VQjj~zz_ZbiE�.c
2ü
i��ۍ"�r\IoA�$TG8*R��M�h�`@Qͧ5:�@
�lN��`C��y�?�VzZ3�nL?�ؕZ�n&�,m'h�zBRKo^y\ͪND\`ͪ}ȩ�gLF[Tx�vX՟�K=£8���"�ZM)RӰp-|ri?�NRUzB��9wI�x�B��RRꁻ!~c�TjQ��y�/:a�9�۴?��Փ>/,bGc�0/Ƙ�`^*iB¼{֜�TXC.,~90Yji+�
1 M��sS��g����|}P�.[�o�zpWӸ&K�+.
x4�I`~�ki�㽽Ԙ�o$5Dd#婞Ngvx@�ө��Hۡ蚛[*н,%&hP��g+1~$js{-6z�X��M��Yqc[RJBYIc0�":;Mk�f�:'ۦ� l����Duq��� J=�z%r�k1f㍸=zm@�rBGh%=QH�
4&�{J;��S/� L%&�H!�4�w#\��P�|*C7痟p+PתۃVw>@2Io��H��H]�U#
`�x9J(��Flu뵮a�C�;3&2�U`#o��M}NG��+�'{��r�`(LjxT/]A�]É1:�?�pa)?Eo8fkH� s)��W�]�0�"}~���f�6L-�
D.Ƥ"c�*41GJ[!�}s�UˤZ �45`B���RA~�9 2R�6")(0G#1C�LD:5L{h،6][c/:G>wڗLQZj��*�!b3wȣ4ϓo �}�˿�Ic�0�)T vqY�@��y#��LD�݂zG�(�nbJ ͍$[&\�KnfY)
&�X`�,2E<�Cezw?,�G�An2u:�`&*f�`V�\�ovN���+'��@=:ς؝ s!aZ;<�Q���B�<䱤�Pl�<'��֞O�Mo6��2Kr&(�p�
@Ka1c�~PoVR$4
>+�>g�ٕa)豪�ҕo)^�;ee�=M蕴B��^��Ȉq�/Y40�u0 }a3brMt�cѼ(3EF9\c7�Y_~�2l8�s<�s��{Asy�}��ρ?3�VD=VbM�dG,D<�mJ96�b�aOd_�f9ys"X�5̽p'W1W }^fp�#m~�L(���(GUtK�n��y�{�s%�|
#r�75i%p�ŭhg?>/�ydֺWWVF�+p'k͠~�%sS$N^@O'Ù�g�HX&58W�!-7�hlգ{h9ıմ)9P�3]&a�̀NuWЫ�ȹ&3b"�9�oє^\C�΅*˗ X֭2Y�Љn<��(
�`V{9 [2FlX jXJr�
9k;9�_\$ǖ�]`�so�R:=b�=<0�ۏ��V.�w�80~.6��*Ǥe�@�
v�/@Z�#i�^jIcYqP�3I�r�HxL´kÉo�+L�i��&G�[wz0$�Y�AƊr2���Fdu#�aq�1<́Pnl@PJmXn)P~GJq}�lPpzusʱ
EZ3EK~x\
��Hv2Ǧ?�k&-x��/GB�L�r �pIi/1S\G�q?Jh"v]!6
�R�Ň%O�3Ӟݳ;*:.���lt> Oa0~|08�[l,��)1�{NDM�=�1o��9/��s�{PN[CS)��Y`�_GFb��#+&�*�Up&�BC4BaaAtN[a��>$VSP}XG-N��-NtM[QD«�U/=��"�2cX
=��w`?Ec$T�vb5,l$9�=�A�Sh4��OW5���EXI%�9r\鱽�$0\d�~\g;Tlv[�=R�,���`+/2^�;'��'�\
�Xl=�l�%�P)@EikA/?jwH3ۉd&%�}YQ ��v.ym�ьU%8y�HRjPJrHqpC>��~�EE3`A�^k~kv��B�`{�)խ`�S�?"d!~/[v4R*4$NS��xsE�z�?��3&�
az:SAW��(|�x@loM�-e~��9-���)0�p,\f�tG��6�C�|�eK��x7g�ܨN~EVb0%�yMvSFߟ�2"�L�)� �ԢLSg(\*],1Ał?�vLw�9�9
3/�&U@�EqD'Py�ml<^|:y-�E�Ofu�ݎ2Jtlk�]!Kb�!C>`mR>ŔK�
]'[٧3�й?-{�w/���e[�n�_�X��(K#
L{ɮ�~9N!hՆG���0ޏq[7�PR�l@��xS
az
��˶�)E=b�
�9���QmQ-নN�?X70(|Ntu
ۊ|Va=r�k��s�`CΜ� *�φŀ��{Ⱦ���^f#1ثd�g)C2^#s!? L�n3m�^^kti�(�aa��vX�
|
Network Security & Hardware 
