"The big concern right now is that there's a date inside of it, that something may or may not happen sometime on April 1st," said Mark Shavlik, computer security expert, president, and CEO of Shavlik Technologies in an AP interview.
"Now maybe, sometimes, nothing happens, maybe a lot of things happen."
Shavlik says the Conficker worm is already on millions of computers and can hijack computers without users even noticing. Among other things the worm blocks PCs from accessing the web sites of antivirus vendors and Microsoft. That keeps its victims from getting updates about the worm and downloading removal tools. If you can surf the Internet freely except for those websites, that's a good sign your computer is infected. Mac users so far seem to be immune.
"[I]t spreads by no password or very, very simple ones," said Mark Harrison, global director of SophosLabs in an interview with eWeek.
Microsoft has also issued a patch for the flaw targeted by the worm, so PC users who downloaded Microsoft's automatic updates recently should be protected.
Botnet detection company Damballa said Conficker is not a major problem in the typical enterprise.
"We do see Conficker compromises in enterprises," said Tripp Cox, Damballa's vice president of engineering, "but they comprise a minority of the total number of compromises we see in these environments. The majority is the long tail of small botnets."
Cox said Conficker was neither targeted nor "low-and-slow", so existing defenses performed well.
"Our experience with enterprises has been that they tend to do a good job of patch management," Cox said, "which diminished the propagation effects of Conficker in the networks. What compromises did occur, most enterprises were able to quickly track down based on their noisy, brute-force attempts to guess employee passwords."
No comments:
Post a Comment