The latest network traffic in China indicates that Conficker will not materialize into the overhyped sensation that it turned out to be; however, Conficker turned out to be a very important lesson for everyone.
Conficker is an aggressively spreading computer worm that has been laying down a powerful botnet infrastructure that can then be managed by malicious controllers. Conficker has been causing havoc since November of 2008, when it first exploited the MS08-067 software vulnerability.
This is where the problem started. What was most interesting was that the initial appearance of Conficker used a fairly sophisticated polymorphic approach that exploited a buffer overflow vulnerability to remotely distribute the malware code throughout IT networks. Later variants of the Conficker malware leveraged USB devices to propagate the malware code onto new endpoint systems. This combination of high-tech and low-tech approaches proved highly effective at evading traditional signature-based perimeter defenses.
If there is one gift from Conficker, it is that it served as a wake-up call: we must all realize that traditional signature-based perimeter defenses are no longer effective in stopping sophisticated malware attacks.
Organizations today must add new technologies and layers of defense, such as device control and whitelisting-based application security, if they are to have effective approaches to combating malware.
However, let us not forget the most important lesson of all: if organizations had been vigilant in their vulnerability management process and had patched a known software vulnerability back in November of 2008, Conficker would have been nothing more than a tiny blip on the radar screen.
We, along with others in the industry, are delivering added capabilities to our Vulnerability Management Solution that enable our customers to automatically scan for and detect whether they have been infected by Conficker and then automatically remove the malware.
Let Conficker serve as a much-needed lesson that we must be vigilant in our vulnerability management processes and deploy additional layers of security technology to address a growing trend of malware that leverages both sophisticated and unsophisticated approaches to bypass traditional signature-based perimeter security.




