Was April 1 a Dud?


April 1 has come and gone.  Office and friendly April Fools pranks happened and people had a good laugh about them.  The media had hyped this April 1 as the day the Conficker worm would pull the ultimate prank though.  Did it happen?  The media would say “No” but I think something did happen.

What happened is that you became a little more conscious of the need and importance of computer security.  In some cases you even extended this awareness of security to things outside of your computer.  You checked to make sure that your alarms worked, and that your doors and windows would lock properly.  And this is a good thing.

As for Conficker, it remains to be seen what exactly came of the worm.  The botnet is still alive.  As far as the security researchers know, the Conficker.C variant started to generate the 50,000 domains and check them.  To anyone’s knowledge there hasn’t been an update yet.

Register.com, which is a domain name registration site, claims that the “April 1 issues” are affecting them right now.  They’re under a DDoS (Distributed Denial of Service) attack.  It started out as a minor issue, which took their site down.  Now they are admitting that it’s a major situation.  What this means is that people who use their service are having issues with keeping their websites available to surfers.

NeuStar and UltraDNS were also hit by DDoS attacks earlier this week.  This brought sites like Amazon, Juniper, Oracle, and Salesforce down for a period of time.  Register has been hit for at least three days now.

Some customers are blaming Register.com for not being adequately prepared for this.  Others are saying that it’s not Register’s fault, but that of the crackers who are pulling off the attacks (Note I said “Crackers” instead of the over-used and over-hyped “Hackers” that you hear in the media).  I tend to agree with the latter on this.  While Register should (and probably did) have contingency plans for this, if it is Conficker then I doubt ANYONE would have a contingency plan to beat it.  Not even Google or Microsoft.

Why did they go after Register.com?  Who knows.  Maybe because Register.com was assisting the security groups in trying to prevent Conficker from working.  I’m sure others have been working with them, but Register is one site that seems to be publicly referenced or alluded to.  Maybe the person who’s pulling the strings on the botnet was rejected or suspended by Register.  Or maybe, just maybe, the person pulling the strings realized that hitting A LOT of smaller businesses will do more damage to our troubled economy than hitting sites like Amazon, Google, Newegg, or Microsoft.

One thing that I want to say about this is, for all of the customers who are saying that Register should have had contingency plans, where are yours?  I’m a tiny, almost non-existent business.  I’ve got websites on two different hosting sites (freewebs and office.microsoft.com) and I have a copy of my freewebs site hosted through no-ip.com on my own servers.  If I really needed to, I have accounts at three other hosting providers.  I could easily transfer my domains and a copy of my site to any one of them.  I may be down for a day or so, while the transfer takes place, but I’d still have ways of getting through to my customers.  All I would have to do, in reality, is post a message here saying “My current site is experiencing technical difficulties.  Please try these links until the situation is resolved…”  People wouldn’t know which provider is hosting my site.  Only that they’re able to get to it.

This turned into a rant about Register.com and their customers’ anger.  The reality is a lot of people failed to protect themselves and their incomes against this.  Register didn’t protect its customers by keeping in touch with them about the situation.  They also didn’t prepare their customers by suggesting some alternatives to take in case it was attacked.  (Of course what company would suggest “Have backup hosting providers in case we’re attacked”?)

The customers didn’t protect their businesses by saying “Hmmm…  No one knows what Conficker will do.  But, a botnet that’s as big as Conficker is rumored to be can do a lot.  What should I do to protect myself and my sites?”

The people who were infected (and still are) by Conficker or whatever botnet is attacking Register.com didn’t protect themselves either.  They should be taking more steps to prevent their computers from being infected. 

So, it’s time for a lot of people to stop laying blame.  The blame, in all of its forms, will be put out and admitted to when the time comes.  It’s time for the people (in whichever category they fall) to start taking steps to make sure this never happens again.

If you have a site, make contingency plans in case your host gets attacked.  Even if you’re not using Register.com or NeuStar or UltraDNS.  Just because they are the victims today doesn’t mean that freewebs or GoDaddy or even 1&1 hosting won’t be tomorrow.

If you are one of those who were, or are, infected with the worms, get clean.  Find a clean computer and download the removal tools.  If your computer is too far gone, then copy your pictures, music, and important documents to another place and do a complete recovery.  If your computer will allow (meaning that it doesn’t rely on a hard drive image for your recovery), wipe the hard drive with an eraser program or hard drive wiping program (DBAN is a good one to use—and free).  Then start over.  And make sure that you pay the subscription for your security software and keep it updated, along with Windows.  Or find a security suite that’s free and use that.

If you’re a hosting provider, you need to look at your contingency plans and decide whether they are adequate to protect you against what’s happening to Register.com.  If so, great.  If not, then you need to do whatever you can to make them adequate.  Granted, you probably won’t be able to completely protect yourself and your customers.  But you’ll be in a better position if it does happen.  Learn from Register’s mistakes.

Have a great day:)

Patrick.
