Conficker and Swine Flu

What do they have in common?

 

The Pig that Flew

Both threats have been vastly exaggerated by the media, and by the authorities

charged with internet security and public health respectively. Early in May, the

World Health Organisation was ready to declare the Swine Flu a full-on pandemic. At

the time, the tally was 19 confirmed deaths world-wide, and some 800 infections.

It turned out to be just another flu, yet Australia’s stocks of antiviral drugs were

exhausted before the country recorded a single case of swine flu. Our Health Minister

had to order more Tamiflu and Relenza from drug makers doing summersaults

all the way to the bank. In the first two months, 100 people died from the swine flu

worldwide. In any two months, 600 people die from ordinary flu in Australia alone.

 

The Worm that Grew Legs

Conficker turned out to be just another worm, despite headlines like ‘Conficker worm threatens April Fools' chaos’, accompanied by the picture on the right. ‘World waits as Conficker worms into action’ was another.

 

 

 

No, it wasn’t just the media, as youcan see from headlines like ‘Conficker's next move a mystery to researchers,’ with the by-line 'Impossible to know what massive botnet will do April 1, researchers say.’

 

Experts Clueless, Public Panics

The massive botnet was already 8 million strong, according to security software

vendor F-Secure, and still growing strong. ‘Security researchers are in the dark,’ Computerworld’s Greg Keizer wrote on March 24, ‘about what will happen next week when the newest variant of Conficker, 2009's biggest worm by a mile, begins trying to contact its controllers.’

As the worm reportedly infiltrated the French government’s naval systems – forcing

the French to ground their warplanes – and the British Parliament’s computer

network, experts were aghast at the breadth of the worm’s reach. Soon, there were

hushed warnings of an impending ‘digital Pearl Harbor.’

In an unprecedented move, malware researchers teamed up to fight the worm, and Microsoft put a US$250,000 on the gang’s heads, saying it wasn’t prepared to ‘sit back and let this kind of activity go unchecked.’

Just why these experts couldn’t figure out what this worm would do, despite using

harvested samples to infect their test PCs and observing their behaviour, is a very

good question. It’s obvious that they didn’t have a clue and decided to play it safe

like the WHO with the swine flu – better safe than sorry, right?

 

The Things that Panic Us

Bruce Schneier, a down-to-earth security expert, said that Conficker's 1 April

deadline was just the kind of event humans tend to overreact to. ‘It's a specific

threat, which convinces us that it's credible. It's a specific date, which focuses our

fear. Our natural tendency to exaggerate makes it more spectacular, which further

increases our fear. Its repetition by the media makes it even easier to bring to

mind. As the story becomes more vivid, it becomes more convincing.’

http://www.guardian.co.uk/technology/2009/apr/23/conficker-panic

We know that humans fear things they can’t see and can’t understand more than anything else. The graph below shows it clearly: it charts the media coverage of various topic over the past decade, and the biggest peaks here are all about the smallest things - from left to right: the Y2K bug, SARS, Bird Flu and Swine Flu.

 

 Courtesy of http://www.informationisbeautiful.net/2009/mountains-out-of-molehills/

 

The Y2K bug cost the commercial world $250 billion dollars and was a fizzer. SARS was another fizzer. Bird Flu really saw the media go nuts with doomsday scenarios but it fizzed too.

 

The Morning After

April 1 passed without incident, but the panic merchants never missed a beat. Now we had the experts and security vendors telling us that this did not mean Conficker was no longer a threat. The public can be gullible but for a rare moment, it got a glimpse of what the PC security business really is: a giant scam. A recession-proof giant scam because people think they shouldn’t skimp on security any more than they should skimp on the tyres of the family car.

The companies who make so much money from security software and services, and all the experts who make a good living from the bits they pick off the vendors’ backs like those birds that feed on Rhinos, have a vested interest in keeping us permanently panicked. In that state, we’ll renew that licence when it runs out next month and gladly pay the price.

Long ago, the anti-malware industry seized on medical and pandemic terms to engender the right kind of panic in PC users. The media went along with it because panic was good for their business too. We had outbreaks, infections that spread like wildfire, bugs that replicated and others that sat tight and ticked away like time bombs. We even had antivirus vendors selling us antibiotics – remember PC-cillin from Trend Micro?

And just in case some punters relaxed when conficker fizzed, Computerworld warned: ‘Mainstream media hype leading up to the Conficker worm's April 1 software update may have distracted people from legitimate cyber threats, the U.S. Federal Bureau of Investigation's head of cyber security said Thursday.’

http://www.computerworld.com.au/article/300670/conficker_hype_problem_says_fbi_cyberchief?eid=-6787

 

Never say Die

The worm refused to go away, though, or perhaps the security experts didn’t want to let it die. While the hype slowed dramatically after April 1, much like it did in the days after we entered a new millennium when the forecast catastrophe failed to eventuate, the worm kept turning. ‘Conficker Worm Still Lurking, Threat Remains,’ said a June 29 2009 headline.

A month later, at the Black Hat security conference in Las Vegas, an F-Secure virus researcher stirred the pot again. ‘The gang behind Conficker are no fools,’ said Mikko Hypponen. ‘They know their stuff, they know coding, development cycles, crypto and they are clever and they are watching us, their enemy in the security industry.’ Needless to say, the IT media jumped on the story hoping to retrieve some of their damaged reputation. The swine flu did a lot better in the same period, with the case load growing rapidly across Australia, which soon had the Health Minister warning that the worst case scenario death toll could be as high as 6,000. One expert said it could exceed 10,000 unless a vaccine became available.

By early August, with spring temperatures rising across the country, the nationwide death toll stood at 74 and the more responsible reporters conceded that the victims had died ‘with’ the swine flu, not from it.

 

The New Year

You guessed it: conficker is alive and well, at least in the minds of the malware industry. Dire warnings persist that the worm will do even more damage in 2010 http://www.net-security.org/malware_news.php?id=1154.

Here’s an example of the kind of stuff they sprout: ‘Although mainstream and industry media coverage of the Conficker worm and its variants has dropped significantly since peaking in the second quarter, it is clear from this data that the worm (and its variants) is apparently still quite active, searching out new systems to infect," Akamai said in its State of the Internet report for the third quarter of 2009, released Thursday. http://www.networkworld.com/news/2010/011510-conficker-worm-hasnt-gone-away.html. And here’s another story along the same lines:

http://www.spamfighter.com/News-13667-Conficker-Expects-to-Dominate-Botnets-and-Malware-in-2010.htm. For the anti-malware industry, conficker is just too good to let go.

The same applies to the antiviral and vaccine industries who won’t let go of the swine flu. This is the highest count I can find for total cases and deaths due to swine flu:

 

 

 http://www.flucount.org/

 

The numbers look pretty serious until you look at the case load and annual death rate of the ordinary flu, which costs 35,000 lives in the USA every year (mostly among people of old age or those with compromised health). In Australia, where a figure of 10,000 was bandied around for the swine flu, it never got past 200 victims.

 

The Bottom Line

Don’t pay more attention to the media or the experts than they deserve. Take it from me: antivirals are a waste of time and money, that’s why vaccines are so important when protection from viruses is the issue. Of course governments know that. They merely buy truck loads of antivirals because they think we don’t know. Then they stand up there and tell us that they have stockpiled the drugs, and that there’s no need to panic. Just don’t ask any questions, please.

Keeping your PC healthy is a lot easier, thankfully. Install decent Internet security software and spam filters, tighten up your browsers, put a canary on them as we suggest in Travel Safely Online. Grab a Free Guide http://bit.ly/Pljwy .

And make sure that you and your staff follow the road safety rules when you’re out on the internet highway. We have a few resources for you on these subjects here: http://www.technoledge.com.au/resources-straighttalk.htm

And if you’re worried that you might have caught this bug, known as Conficker or Downandup, here’s a simple way to find out for sure: go to the first link below and run the free Sophos endpoint assessment test, which will identify any security issues on your PCs http://www.sophos.com/products/free-tools/sophos-endpoint-assessment-test.html

If it looks like one of your PCs has caught the bug, here’s a free removal tool from the same source http://www.sophos.com/products/free-tools/conficker-removal-tool.html

 

Remember: They’re just trying to scare you into buying more stuff.