Conficker woes call for strong passwords

Organizations must evaluate their password selections as poorly-formed ones are "particularly at risk" to the Apr. 1 virus, Sophos warns.
Written by Vivian Yeo, Contributor

Warnings around the new variant of the Conficker virus tipped to spread its wings on Apr. 1, serves as a timely wakeup call for businesses to employ stronger passwords.

In a podcast posted Tuesday on the company's Web site, Sophos' Asia-Pacific head of technology Paul Ducklin, said organizations with poor passwords--already generally vulnerable to security risks--will be "particularly at risk to this virus".

The Conficker variants, Ducklin explained, spread mainly via USB keys, which could include mobile phones, music players and USB storage drives. Once it has penetrated the LAN, the virus attempts to infect computers nearby on the network either by using the exploit, which has since been patched, or by guessing passwords.

So, even if an organization has patched its systems, having weak passwords such as "1234" may still be an undoing in terms of security, Ducklin warned.

"If you've got weak passwords, this is the time to do an audit," he said. "This virus, and many others, carry with them a list of passwords--this is a technique that goes back to the Internet world of 1998. You only need to break in on one computer in the network to have begun to succeed, so to speak."

He stressed that companies or individuals cannot afford to adopt a wait-and-see attitude. "If it's spreading on your network, that's a sign that you have a security problem on your LAN that needs attention immediately," he said.

"You don't wait until the bomb goes off before you defuse it, surely," Ducklin said, noting that organizations have had to deal with security holes such as "sloppy use of policy with respect to USB keys, poor passwords and unpatched operating systems".

Echoing industry sentiments last week, Ducklin said Apr. 1 could come and go without much fanfare as the cybercriminals behind Conficker may not immediately put to action the new variant.

"The bad guys might only start trying to use these new domains on May 7," he said. "So Apr. 1, although it may be the beginning of a particular phase of one of the variants of this malware, is not the day on which the thing goes from being un-malicious to malicious."

Symantec, which said in January that Asia has been the worst hit in what it terms Downadup infections, told ZDNet Asia in an e-mail interview that it is seeing customers take on a more proactive approach in learning about Conficker and making sure that their systems are patched and updated, ready to address any exposures that they might face.

Editorial standards