Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database
    • IT Management

    How Much Is Conficker Really Impacting Enterprises?

    By
    BRIAN PRINCE
    -
    March 27, 2009
    Share
    Facebook
    Twitter
    Linkedin

      With all the buzz over the Conficker worm, it remains an open question at this point just how many enterprises will actually be affected.

      Between the presence of tools to remove the Conficker infection, a patch for the Windows vulnerability it exploits and general awareness, it seems enterprises should have a good handle on the worm. Whether they do or not may depend on who you ask.

      The folks at Damballa, a company focused on botnet detection, said Conficker was far from being a major problem in the typical enterprise.

      “We do see Conficker compromises in enterprises, but they comprise a minority of the total number of compromises we see in these environments,” said Tripp Cox, vice president of engineering for Damballa. “The majority is the long tail of smaller botnets.”

      Conficker, Cox noted, was neither a targeted nor a “low-and-slow” attack, so existing defenses performed reasonably well.

      “Our experience with enterprises has been that they tend to do a good job of patch management, which diminished the propagation effects of Conficker in their networks,” he explained. “What compromises did occur, most enterprises were able to quickly track down based on their noisy, brute-force attempts to guess employee passwords.”

      Still, someone was getting infected-at one point, security researchers put the number of compromised PCs at several million. In February, Fortinet’s threat research team estimated there were about 100,000 exploit attempts each day from Conficker. For March, there has been a slight drop in exploit attempts, but Fortinet expects that number to jump back up in April.

      “You would have thought that something like Conficker would be a nonevent for enterprises,” said Mark Harris, global director of SophosLabs. “The patch was available early, it should be very straightforward to patch it, it spreads by no password or very, very simple ones … I think the experience that we’ve had over the past couple months is that security policies within organizations are not as good as they think they are.”

      Given that it is unknown how Conficker will update itself next, enterprises still need to be on the alert for the worm’s next move. It should be noted though that while Conficker C will begin contacting new domains April 1, the actual update could theoretically be unleashed much later.

      “As long as the hacker has not activated any domain, the worm cannot find any active one and thus the return of Conficker will never happen,” Nguyen Tu Quang, CEO of BKIS (Bach Khoa Internetwork Security), said in a statement. “In short, the return of the worm may be on April 1, 2, 3 … or even any arbitrary day, depending on the hacker.”

      Quang was optimistic that the efforts of those fighting Conficker-the code of which BKIS researchers say is related to 2001’s Nimda worm-will make a difference.

      “We also observe that with their great efforts, Microsoft and Conficker Cabal … have successfully taken control of at least 13 percent [of the] domain names that the Conficker writer may use,” Quang said. “That also means the spreading rate of the worm will be reduced by about 13 percent when it returns.”

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×