According to an article at Internetnews.com http://www.internetnews.com/security/article.php/3832846 the authors of the Conficker botnet may have abandoned it, yet it continues to grow in numbers. The growth of the botnet is troubling because it is completely preventable and because it means the infected computers are vulnerable to other threats and that these users are not using security software that is current.
Conficker spreads through USB devices using autorun. Disabling autorun is a good security precaution. I’ve blogged on it a few times before.
Conficker spreads by exploiting a vulnerability in Windows, except if you patch like you should. Evidently many corporate IT people failed to learn the lessons of CodeRed, Nimda, Slammer, Sasser, BubbleBoy, and a host of other threats from days gone by that were preventable just by applying security patches.
Conficker also spreads through share folders on networks. People need to use strong passwords and protect network shares.
It isn’t really surprising that the authors may have abandoned the botnet as it is encountering significant scrutiny, but it is disappointing that the growth of the botnet is a barometer of the current state of security and it leave a lot to be desired.
Randy Abrams
Director of Technical Education
