The business and culture of our digital lives,
from the L.A. Times

« Previous Post | Technology Home | Next Post »

April 1 damage from Conficker worm not likely to catch up to hype

March 31, 2009 |  7:23 pm
Worms in mud
The Worms in Mud dessert. Credit: PaysImagniaire/ Flickr

Today we unsuspecting L.A. Times tech bloggers were besieged by e-mails from publicists regarding "the Conficker C threat pending for April 1," offering "insight on any scenario that happens tomorrow," and alerting us that companies have been preparing ahead of time "in an effort to prevent the Conficker worm from spreading further and potentially causing substantial damage."

Just like the Y2K hysteria and other bugs du jour, the Conficker worm has been a prime vehicle for the language of terror and fear.  And just like those other instances, the warnings make for better conversation than the reality.

"As you are probably aware," read one e-mail from a PR firm called GlobalFluency, "tomorrow, April 1 is the day that the Conficker worm, possibly the most widespread ever, is predicted to inflict its damage through the hundreds of thousands of computers that it has infected. Nobody knows what Conficker will unleash."

GlobalFluency went on to offer an interview with an expert from a computer security firm that markets anti-virus software. 

Conficker, a digital worm that has reportedly infected millions of Windows computers, has been widely covered in the media, including in the New York Times, which wondered if Wednesday would bring "An April Fools Joke or an Unthinkable Disaster," and on "60 Minutes," which noted that "so far, the bad guys who created it haven't triggered Conficker. It's just sitting out there like a sleeper cell."

Twitter, a useful heat map for online conversations, lit up today with thousands of worried messagesabout Conficker. "I'm terrified of that conficker virus thing," wrote Sarah Rutherford of New York. "Not getting back on here at all for the rest of the week!!"

But as more sober commentators have noted, Conficker is not a ticking time bomb set to ...

... blow up the Internet at midnight. On a blog at SecureWorks, Joe Stewart noted,

The truth is, there will be no April 1st outbreak, despite what some of the press stories have said so far. The only thing that will happen with Conficker on April 1st is that already-infected systems will begin to use a new algorithm to locate potential update servers. There, that’s not so scary, is it?

Rather than being a call for the worm to begin a major attack, the change happening tomorrow is more like an evolutionary step that makes Conficker more slippery and more difficult for security experts to track down and exterminate. 

Alex Eckelbery of Sunbelt Software reminds usersthat a fix for Conficker has been around for nearly six months. The worm "takes advantage of a vulnerability in Windows that Microsoft fixed in October of last year," he wrote. "If a machine is patched with this update from Microsoft, then that system cannot get infected."

Conficker's true potential for damage and destruction is simply not known, and won't be until its mastermind puts his creation to work -- whether that's as part of another huge cloud of zombie spam computers, an identity theft ring or something more innocuous. 

"We don’t know yet if there’s anything explosive in it," said Chris Schwartzbauerof Shavlik Technologies, a security firm. "Really what we've learned about this one is that the unique way it’s architected makes it particularly wily."

That is, more is known about its infectiousness than about its potential for harm.

Experts agree that Microsoft Windows users can still protect themselves against Conficker and other potential security threats by making sure their systems have current anti-virus software and the most recent patches from Microsoft.  See prevention instructions here.

-- David Sarno