Identity theft expert states, "The Conficker virus is alive and well."

• Tweet

April 3rd, 2009 - Posted by Robert Siciliano

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Just when you thought it was over, it isn't. Far from it.

Conficker's rise and fall and the passing activity of the worm on April 1st has allowed researchers and anti-virus companies to better understand the virus and its impact. While April Fools was supposed to be the day of reckoning for Conficker, it wasn't and still isn't a joke.

Viruses often come with a trigger date, as pointed out by CNET. And while many fail to meet the media hype, they still can and often do cause millions or billions in damage.

The media does what it does and reports on the news. While they or even I may not always get the facts straight, the impetus is still there.

In a "Conficker Postmortem," CNET examines the media frenzy and points to a humorous spoof that Wired ran, a fake live blog from the "Conficker Worm War Room." CNET also points out that, "The New York Times called it an 'unthinkable disaster' in the making. CBS's 60 Minutes said the worm could 'disrupt the entire internet,' and The Guardian warned that it might be a 'deadly threat'."

The positive result of this media hype is that it brings attention to an ongoing problem for an audience that never considered themselves vulnerable to these issues. In my world, even Facebook friends and Twitter followers who had never reacted to previous posts on a plethora of IT and personal security issues are finally starting to ask the right questions.

"Your mom's virus," as we knew it, has become a part of popular culture. In a sense, this is a good thing, because it's now water cooler talk with the same level of buzz as Britney Spears going nutty. We in the security community couldn't ask for more and better attention, that may potentially enlist an army of security moms. Thank you, Conficker!

Still, Conficker is the most sophisticated virus to date and is still waiting to strike, which can very well lead to major data breaches and identity theft. As the virus continues to call home for the yet to be delivered update, researchers have determined an estimated 3.5 to 4 million PCs are infected on the Conficker botnet, which is the most powerful and dangerous aspect of Conficker.

Overall totals of infected computers may still be between 10 and 15 million. Many of those have a dormant virus that has the capability to wreak havoc, or that may have already been rendered impotent by anti-virus providers and IT administrators who have taken advantage of numerous solutions by McAfee and others.

What the public needs to understand is this infection is anything but over. The virus phones home every day looking for its next set of updates, which could still have catastrophic results if the virus ever reaches its full potential.

The risk here is that a virus of this kind has technology that can disable anti-virus software and that prevents access to numerous websites which provide automatic security updates, including Windows.

Today, Brian Krebs from the Washington Post points out the similarity's to Y2K potential bug, just as I did last week. "In one sense, the response to Conficker could be compared to that of Y2K: A great deal of smart people threw a whole lot of resources and energy at a fairly complex problem and managed to turn a potentially very ugly situation into a relative non-event."

The attention that Conficker brought upon itself has rallied security professionals to be on their highest guard, which is exactly where they should be.

See Robert Siciliano, identity theft speaker, discussing hacking for dollars.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.