Conficker foolishness goes nuclear

Security firms are well known for spreading fear, uncertainty and danger (FUD) but a press release today on the Conficker worm takes the biscuit.

Security experts are largely agreed that the Conficker update scheduled for tomorrow will not bring about the end of the world as we know it. Instead the malware will probably just update itself. After all, it's not in the malware writer's interest to shut down the network that has been so laboriously built up.

Nevertheless this hasn't stopped endless press releases seeking to grab headlines. This is to be expected but some are 'jumping the shark'. Take IT security company Imerja, which has jumped on the bandwagon and come out with some truly preposterous guff.

"30 per cent of all Window's PCs could be at risk. Organisations that are in danger of being affected include the Houses of Parliament, the Ministry of Defence and a number of UK schools," said Matt Hampton, chief technical officer at Imerja.

The logical problems with this are many. Firstly, no-one knows how many PCs are unpatched in such a way to make them vulnerable to the Conficker malware - 30 per cent is a guestimate at best.

Secondly, even if the PCs are unpatched that's no guarantee that they will become infected. After all, many unpatched PCs will be corporate systems behind strong firewalls, which is why the IT administrators have been slow to patch since they are protected.

Similarly people may be protected by running anti-virus software but haven't bothered to patch their systems. People are now getting much better about running security software but running operating system updates is less common.

It also assumes that Conficker is everywhere and will automatically infect any PC that isn't patched. This is of course complete rubbish.

Some security companies have worked hard to rescue their reputations. Imerja seems to be bucking this trend, and FUD like this makes one wonder how professional they really are.