Aug 10 2009

Poor Conficker … we hardly knew ye

A putrid fruit fell from computer security's mangled tree. Did anyone see where it landed?
No Gravatar

A headline at InfoPackets.com asks the all-important question: “Whatever Happened to the Conficker Virus?”

What, indeed. You’d think the poor beast disappeared without a trace. Part of me wants to issue an Amber alert for it.

“It’s the biggest botnet in the world, and nobody cares,” one expert lamented

When F-Secure technovangelist Mikko Hyppönen speaks to a rather bored media these days, he insists Conficker still has “five million” PCs under its control. Yet the global media all but ignores him. “It’s the biggest botnet in the world, and nobody cares,” he lamented when I queried him over the media’s near-total lack of enthusiasm.

(Forgive the oxymoron when I say “near-total lack.” I’ll make up for it with a great metaphor, I promise.)

You know John Leyden’s byline if you read The Register with any regularity. I asked him to opine on why his colleagues seem so blasé. Here, Leyden contrasts Conficker‘s abundance of data before April vs. its absence of data after April:

No new victims have emerged and the update mechanism changed in April so that [there is] far less visibility [among antivirus vendors] about what the worm is doing. Microsoft has … released a removal tool, which has probably had an effect on reducing the population of infected hosts, albeit to an as yet unknown extent.

Figures on how many systems remains infected by Conficker remain hard to come by (I know because I’ve asked). Vendors — the root source of many stories about malware — are not talking about the worm, coming up with any new analysis etc. either. Everybody has moved on and they are now talking about attacks on social media websites, such as Twitter, reflecting the current media fad. All this means there’s no more fuel to throw on the fire, even for specialist IT reporters.

(I know, I know: it sounds like I should introduce Leyden to Hyppönen. They know each other quite well. Neither one knew I’d quote the other in this column.)

A com­pu­ter secu­rity repor­ter ob­served “every­body has moved on and they are now talking about attacks on social media web­sites … reflec­ting the current media fad”

Hyppönen’s problem as an antivirus vendor, and Leyden’s problem as a (competent!) computer security reporter, echo the problems I’ve seen over the last 20+ years. With only rare exceptions (i.e.e.g. The Register), the computer media routinely goes insane with misdirected security hype — and then routinely ignores the real threat(s) after they realize just how badly they got hoodwinked by their own misdirection.

Conficker is the most recent putrid fruit to fall from computer security’s mangled tree. (Hey, now that’s a great metaphor!) You’d almost swear I wrote Leyden’s summary for him:

The media in general has a short attention span. And for national press a story about a computer virus is never going to make the news unless it’s the fastest spreading, biggest ever or hits a high profile target. The fact that nothing much happened with Conficker after the 1 April deadline [passed] means that the mainstream media, if they think of it at all, think of the worm as a damp squib.

I don’t think the story will return to prominence unless someone is arrested for creating the malware, which seems unlikely.

Rest in peace, Conficker … we hardly knew ye.

Share
  • By Rob RosenbergerNo Gravatar, 11 August 2009 @ 7:13 pm

    This morning I realized I must have accidentally cut my penultimate paragraph while pasting Leyden’s summary into my draft column. The missing paragraph before “Rest in peace” went like this:

    “Leyden’s commentary won’t surprise my longtime readers, but it’s always good to hear it from a respected journalist who covers the computer security beat. It explains why Hypönnen can’t spread a (reasonable) message of concern over a still-current threat … and why Leyden can’t find enough (legitimate) sources who care enough to analyze data on a threat that no longer tantalizes the media. But hey, what else is new?”

  • By GsparkyNo Gravatar, 11 August 2009 @ 8:17 pm

    We’ll forgive you, Rob. Anyone who can use an interesting metaphor AND the word “penultimate” on the same web page is given a free pass for accidentally cutting a paragraph.

    That said, the problem is not one just in the computer media industry. Reporting in general, whether private (bloggers) or public (big-time media industry such as Time or the New York Post), has always had the problem of “forgetting” when things didn’t, uh, *quite go as they foretold*. All you can do is continue to point it out when it happens.

  • By Corrections and ClarificationsNo Gravatar, 11 August 2009 @ 8:48 pm

    We corrected the spelling of Mikko Hyppönen’s name throughout this column. The spelling error in Rob Rosenberger’s comment will remain standing.

  • By Rob RosenbergerNo Gravatar, 11 August 2009 @ 8:58 pm

    ::All you can do is continue to
    ::point it out when it happens.

    Yeah, but it takes a lot of effort NOT to sound like a broken record. Great metaphors don’t grow on trees, you know! :-)

Other Links to this Post