Conficker Worm Does Little Today


Worries that the Conficker worm would spread a path of Internet disaster today have, as of yet, not been realized, and likely won't be either. The past few days have seen news stories like this one from the London Sun stating that "MILLIONS of computers around the world could go into meltdown on April 1." Similar stories appeared in other newspapers and magazines around the world as well.

According to the latest from the news wires, all seems pretty quiet. If anything major does happen, I will update this post.

This is not to say Conficker is something to ignore or not worry about - it is. The FBI doesn't normally put out warnings like it did yesterday about Conficker because it wasn't more than a little concerned.

In some ways, the fact that nothing major happened today may not necessarily be an altogether good thing, since many people may assume that future warnings about dangerous computer viruses, Trojan horses and worms are merely IT security folks crying wolf. This is the same issue public officials face with hurricane forecasts that don't turn out as expected.

Anyway, the U.S. Department of Homeland Security (DHS) announced today the release of a DHS-developed detection tool that can be used by the federal government, commercial vendors, state and local governments, and critical infrastructure owners and operators to scan their networks for the Conficker/Downadup computer worm. Go here to read more about it.

Update: The 2nd of April news on Conficker is about the same as the 1st of April's: nothing much happened. A late report in the ComputerWorld said some of the infected PCs had tried to call home, but that many were unsuccessful.

More interestingly, the CW story pointed out that the Conficker designers may have gone a "bridge too far" by trying to directly take on the IT security companies, which merely ended up provoking a massive coordinated private and government counterattack. Next time expect a lower profile computer worm or virus to appear that tries not to stir up such an agitated response.

There was also a story in today's Wall Street Journal that noted the concerns of many IT security researchers over the perception that the IT industry may have seemingly cried wolf about Conficker, an issue I noted yesterday. The story tells of one IT security company CEO who having called Conficker "a digital Pearl Harbor" now admitting that he was using more than a bit of hyperbole in order "to wake up" people to the threat.

That approach might be "good for business" and may work once or even twice, but if such warnings become routine, there shouldn't be any surprise noted when no one pays any attention to warnings that really should be listened to.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City