To the mainstream media: Please leave your tin foil hats at the door...

To my fellow NANOGers: I look at this virus from two perspectives. First the home computers (and small businesses without any real IT staff). And second the larger organizations with dedicated IT staff.

Home Users: Many will agree that a large percent (>50%) of home computers are infected with some sort of malware. Everything from tracking cookies, to spam drones, to botnet clients. Home users are often too cheap/lazy to get antivirus/firewall protections. And many are scared to get updates from Microsoft because of some unrealized danger this might pose. As I see it, the virus is adding at most 9(?) million to the probable 175 million (350/2 <http://en.wikipedia.org/wiki/List_of_countries_by_broadband_users> ) malware-infested hosts out there. In fact, it will probably be much less than that, as the people who are getting infected by this virus are probably already affected by other malware.

Everyone Else: If SQL Slammer has taught us anything, it is the importance of patch management and firewalls. And the unending stream of new malware has also taught us the importance of anti-virus software. With all the media hype and removal tools being made, there is no good reason any IT shop should be affected in any meaningful way. Invariably we will hear the stories of places that do get affected, but I doubt it will be anything overly large.

So from a network operational perspective, unless the virus author decides to launch a DDOS on a single target (and one is either that network or its upstream) I predict this will have little, if any, effect.

My $0.02,
Adam Stasiniewicz

-----Original Message-----
From: Gadi Evron [mailto:ge@linuxbox.org]
Sent: Monday, March 30, 2009 7:44 AM
To: Joe Blanchard
Cc: nanog@nanog.org
Subject: The Confiker Virus hype and measures

Joe Blanchard wrote:
Anyone have a copy of this? Would like to analyze it and understand its
propagation.
Thanks
-Joe
I'm sure someone sent you a sample by now.

As to the malware itself... I haven't personally been following conficker as I've been busy with other issues (as much as possible, anyway, with all the hype it's hard to escape), but I've been asking questions. I can try and speak on the matter from what I've learned by asking.

Conficker is a real problem, but will the world end on April Fools? The answer I gather to be the most accurate is: "The conficker threat will be exactly the same as it is today, on April 1st."

Perhaps putting a date on the threat makes people feel more comfortable. What if something happens on April 3rd? Whether we would be warned or not, we'll all likely ignore it if April 1st comes and goes quietly.

As to the unknown, the author's mind, who can really tell what they will do come the 1st? But some of the hype I've seen is truly ridiculous. I am sure some of the protected hosting companies sold quite a bit with their "we defend against conficker" products.

Is conficker a problem? Yes.
Can we potentially face hardship on the 1st? Yes.
Is the rest complete bull? Yes.

Gadi.