Forum: Conficker confounds security industry
- 15 February, 2009 22:00
The French Navy was reportedly unable to launch fighter planes because of a computer worm infection this month. The planes reportedly could not download flight plans.
The worm causing this disruption is Conficker, aka Downadup, which readers of Computerworld will be well familiar with by now.
Since early January we have been tracking the most serious local Conficker infection, that at the Ministry of Health, which remains largely offline due to fear of reinfection. Health is still suffering despite seeking help from a bevy of local security professionals, including Microsoft, which in October released a patch for a vulnerability that enabled the infection.
Around the world the contagion continues to spread. Other victims include the UK Ministry of Defence and Navy, including the aircraft carrier Ark Royal, hospitals across Sheffield in the UK and many others.
At the end of January, IBM tracked over 1,000 instances of Conficker in New Zealand. Indications from those statistics are that New Zealand is being hit somewhat harder than nations of similar size, which may say something about the age of the software in use or our lack of patching — or both.
The Conficker worm mutates, changes the web addresses it calls and, once inside a system, tries to break administrator passwords.
Organisations with recent versions of Windows that have been promptly patched may have avoided the infection, but experts are warning they can still be infected by USB keys.
All of that adds up to a nightmare for administrators — and we still have no clear idea of what this worm was created to do. The payload and purpose of the worm are still something of a mystery.
It seems incredible that, despite Microsoft acting promptly to deliver a patch and a removal tool, the time and effort needed to cleanse a major corporate system of this worm are immense, and that even when that is substantially achieved, services remain restricted.
In the past, I have been a critic of the kinds of restrictions that users have to bear in corporate environments. Restrictions on the use of USB keys are one of these. I can’t say I’ve changed my mind about that; there is always a trade-off between security and functionality and ease of use.
However, users should take a long, hard look at Conficker and the likely fact that it was just such a USB key that caused the infection at Health and at those other sites, and cut their administrators a bit of slack next time they find their use of IT restricted by security systems or policies.
As for home and small business users, maybe you should think twice before turning those nagging Windows Update messages off.