After all the hype and a concerted effort by the security research community, much still remains unknown about those behind the Conficker worm. At the RSA Conference in San Francisco, attendees express a mix of skepticism and anticipation about the worm still plaguing Windows PCs.
The Cyber Secure recently added one more number to think about when the security community hears the name Conficker: 9.1 billion. That is how many dollars were lost in terms of wasted time, resources and energy as the cyber-community dealt with the worm, variants of which over the past several months have infected millions of PCs.
Still, with the relatively small efforts being made to monetize the worm, some at the RSA Conference half-jokingly wondered if the Conficker worm's authors were mainly interested in sending the security community into a tizzy while experimenting with ways to build a well-armored piece of malware.
At the conference, held in San Francisco April 20 to 24, researchers expressed mixed opinions about whether the fear generated by hype about Conficker was useful or harmful. Weeks after the worm's "big day" of April 1, however, researchers can still only speculate as to what will happen when the latest variant, widely known as Conficker.E but also known as Downadup.E, reaches its "untrigger date" in May.
expert Bruce Schneier noted in a blog post during the conference that the fact that Conficker's authors gave people a specific date to anticipate helped crystallize the fear many felt.
"It's a specific threat, which convinces us that it's credible. It's a specific date, which focuses our fear. The huge, menacing buildup and then nothing is a good case study on how we think about risks," Schneier wrote.
The exact number of Conficker infections overall remains in dispute, but the Conficker Working Group currently has the number of unique IPs infected with variants A, B and C at more than 3.5 million.
Kaspersky Lab recently analyzed peer-to-peer traffic between Conficker-infected computers and found about 200,000 unique IPs were participating in the P2P
cautioned, however, that that number only includes computers participating in the network, and that the actual number of infected PCs is
There has been relatively little in the way of income-producing activity tied to Conficker. The worm has turned up in connection with a scheme to trick victims into paying for rogue anti-virus software. However, other than that, there has not been a huge stream of money coming from the worm's network of infected bots, numerous researchers said.
"Right now the motives are not completely clear," said Steve Manzuik, senior manager of security research and engineering at Juniper
"But it would seem to me that there will be a money-making attempt simply based on the effort put into the code."