“Conficker postmortem: Hype distracted but threat is real”, says C|Net.
I think it’s a little early to be talking about postmortems of a worm that’s still alive, well, and actively seeking its next update. Dan Kaminsky agrees:
“It’s not like it’s gone,” said Kaminsky, who worked with The Honeynet Project on a way to detect infected computers using a flaw in Conficker’s code. “We’re looking at a massive, amorphous network with a command and control that we don’t have the means to block anymore. Things got worse on April 1 for the remaining infected nodes.”
And now there is no signal for researchers to watch for with Conficker. This actually makes sense for a botnet because their creators usually tend to operate under the radar so they are not thwarted.
“We believe they decided to do nothing to tip their hand,” said Paul Ferguson, an advanced threats researcher at Trend Micro. “But the functionality can be updated at any given point in time. All it takes is a button click on a mouse from the people pulling the strings.”