New Windows Conficker Infections Put Flashback In Perspective, Offer Warning

Continued Conficker threat offers perspective/warning on Mac malware

News, information, and commentary about the Flashback malware threat have ricocheted around the web over the past few weeks. The news of dangerous Mac malware has spread from the Apple and tech media into the mainstream. While not downplaying the seriousness of the threat, a Microsoft announcement yesterday does offer some perspective.

Microsoft made it clear that the Conficker worm is still infecting millions of PCs worldwide – three years after fears about Conficker’s potential damage and the estimated level of infections (estimates ran as high as 12 million PCs at the time) created a media frenzy.

The Conficker threat first emerged four years ago, using a just-patched vulnerability to infect machines running Windows XP and Vista. A more dangerous version of the worm emerged in early 2009 and led to mass levels of infection, with the malware expected to update itself on April 1, 2009. When that date passed without incident, thanks to security researchers preventing infected PCs from contacting command and control servers for the Conficker botnet, concern about the worm began to fade from most people’s minds.

Microsoft’s assertion that millions of PCs remain infected and that the worm is continuing to spread is a disturbing one. The company estimates the current botnet contains seven million infected PCs worldwide. According to Computerworld, the main reason Conficker has never caused much damage is that the Conficker Working Group, an association of security companies and researchers that includes Microsoft, is continually taking actions to block the infected PCs from reaching command and control servers even three years later.

On the one hand that offers a sense of perspective on the Flashback threat. Even though there are still infections, the number of infected Macs never reached Conficker’s level. Apple’s response of building out prevention and removal tools through Software Update is likely to stem the threat over time – particularly among users that opt not to purchase anti-malware packages.

On the other hand, it shows that malware threats don’t disappear overnight (or at all). That means that Mac users (and IT professionals) shouldn’t get complacent now that the bulk of the threat seems to have passed. The ongoing response by the Conficker Working Group shows that, in future threats, Apple may need to take a more active and visible role in responding to malware.

  • lwdesign1

    What I find interesting is that Microsoft and the group working on eradicating Conficker haven’t been able to do it in 4 years. Whereas Apple’s updates have eliminated the Flashback trojan on all Macs who update their system software via Software Update. So there’s some missing information here. Does it mean that Conficker on Windows and Flashback on Mac only exist in computers whose owners never update their service packs or software updates? What gives on this? This article doesn’t say, yet this is vital information to know.

  • Andrew John

    You know, with a simple tool like Little Snitch, you would know of any unauthorized connections to the internet. As soon as you’re aware of this, you’d know you’d have malware. Since using Little Snitch, I am amazed at how often unauthorized connections occur that wish to phone home to google servers. Makes you wonder what they’re after. Friggin evil empire!

About the author

Ryan Faas is a technology journalist and consultant living in upstate New York who has written extensively about Apple, business and enterprise IT, and the mobile industry. In addition to writing for Cult of Mac, he is a contributor to Computerworld, InformIT, and Peachpit Press. In a previous existence he was a healthcare IT director as well as a systems and network administrator.
