Conficker hype a 'problem,' says FBI cyber-chief

People may have a false sense of security following April 1 non-meltdown.

Mainstream media hype leading up to the Conficker worm's April 1 software update may have distracted people from legitimate cyber threats, the U.S. Federal Bureau of Investigation's head of cyber security said Thursday.

"For the general public to focus on Conficker -- that's the threat they're worried about -- I think that is actually a bit of a problem for us as a society," said Shawn Henry, assistant director of the FBI's Cyber Division, speaking at the RSA security conference in San Francisco Thursday. "There are dozens of Conficker-like threats and vulnerabilities out there.... while the media stories helped to raise awareness, I think that focusing people on that particular aspect, perhaps took away their attention from the overall threat, which is just as great or greater than Conficker itself."

Although nobody knows the worm-network's exact size, security researchers agree that Conficker is an unusually large 'botnet' of hacked computers, perhaps numbering as many as 4 million machines.

However, there are many other threats on the internet, including other, less-publicized botnet networks, fake antivirus software, and targeted 'spear-phishing' attacks.

"Public awareness is wonderful," Henry said, "but I'd like to see coverage of the entire threat vector."

Conficker spread, in part, by exploiting a previously patched bug in Microsoft Windows. So if all the Conficker hype helped people patch their computers and get up-to-date antivirus software, then it did some good, according to Paul Ferguson a researcher with Trend Micro. However, he added, "it's completely ludicrous to focus just on Conficker -- it is just a symptom of a much larger problem," he said via instant message.

Conficker gained an unusual amount of attention because it was the largest worm infection in six years, and because it had been preprogrammed to change the way it looked for instructions on the Internet on several predetermined dates.

It's April 1 update was the one that caught everybody's attention, because the worm began using very tricky update techniques on that date, precipitating speculation that the network might somehow spring to life and wreak havoc with that update.

A few days before April 1, the CBS news program "60 Minutes" picked up on the story, and the Conficker became a mainstream phenomenon.

When April 1 came and went without any type of Internet meltdown, that may have created a false sense of security amongst consumers, Henry said. He summed up a typical reaction to the hype in this fashion: "I saw on the news last night and it was supposed to happen today and it didn't. Therefore, the next time something comes out and there's an advisory I'm really not going to pay attention because it's not all that important."

But computer security is important. And if people were to gain a false sense of security because Conficker failed to destroy the Internet, that could be a bad thing.

"I don't want the public to think that there's this one threat and we didn't really see anything so we're safe," Henry said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags conficker

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?