Good entry by John Pescatore on his Gartner blog today about the day after the April 1 Conficker hype. I agree with his take, which supported my post from yesterday. Conficker was not built to be a public spectacle – it was built for the long term, and while the April 1 date has come and gone, it is still out there. I do think we cannot completely blame the press for the hype, as the creation of the Conficker Cabal and the Microsoft $250K bounty certainly gave the whole affair gravitas.
I did find one funny item in the Security Fix blog by Brian Krebs of the Washington Post. It seems that Big Ben stopped just before midnight on March 31. The stoppage was immediately seen as the work of Conficker. Makes sense – build a worm, get it distributed to millions of computers worldwide, have it confound the best and brightest of IT security, and then instruct it to stop Big Ben.
On a final note, yesterday I had the chance to spend time with Dave Hooks, our CTO. Dave walked me through the demo for the next release of our product, which features our real-time detection and remediation capability and which we will be unveiling in the next several weeks. To visually witness the software detect malware that was just introduced to a machine, do the analysis, synthesize a remediation, and remove the malware and reset any changes the malware made to the machine in the span of 90 seconds was very cool. No one touched the machine during that span, making Triumfant able to see zero-day malware and remediate the machine with zero human interaction. Best of all – no signature required. Much more to come.