14 DAY TRIAL // April 1st, the date depicted by some of the media in the past week as being the Internet's doomsday brought forth by the infamous Conficker computer worm, has passed and nothing really significant has happened. Many IT security professionals condemn the hype created and explain how it has actually caused more real damage than the worm.
The fact that an update mechanism in the Internet's largest botnet, Conficker, has been set to come into full action on April 1st has created a lot of fuss in the days leading to this event. Probably in an attempt to raise awareness, many news agencies and media outlets have really blown this out of proportion, creating an overall state of panic in the minds of the average consumers.
Now that the much-anticipated date has passed without anything major happening, the security researchers who have advised them to calm down and have said that the worm will most certainly not bring chaos on the Internet are condemning the hype created and draw conclusions.
"[...] In my own experience, it has been some of the newspapers and media organisations who have been guilty of dreaming up apocalyptic headlines and the security vendors who have been pouring the cold water," Graham Cluley, senior technology consultant at Sophos, says. "As I've been saying all along, the people behind Conficker could choose any day to instruct it to do something malicious – there was nothing which made it more likely on April 1st. So the need for you to remove Conficker is just as necessary today as it was yesterday, and will be tomorrow," the security expert concludes.
Roger Thompson, AVG's chief research officer, is much more sarcastic about it. "Human nature being what it is, some folks are fixating on the worst possible outcome. It'd be pretty bad if you got hit by a meteor too, but no one is building meteor shelters," he writes. He suggests that, if something really bad was to happen to the computers/networks of those affected, they would have no excuse."The worm probably grabbed millions of users right out of the box in December 2008, but any gov/ corp/ edu user who is still infected after five months, deserves it."
PandaLabs' Technical Director, Luis Corrons, notes that, "The melodramatic Conficker countdown is starting to resemble one of those never-ending TV soap operas; everyone is talking about it, but it never draws to an end." He also points out that, "Bearing in mind the number of domains that are downloading malware by exploiting the interest in Conficker, without actually having any connection with it, […] there may still be users who have downloaded other Trojans simply by searching for news about Conficker… Ironic really."
The Conficker botnet may have not received malicious instructions from its creators on April Fool's Day, but the hype created around it has certainly helped other cybercriminal gangs. As we reported on 31 March, search results for "Conficker" had been poisoned with malicious links, leading to malware and scareware. Spam analysts at Trend Micro warn that fake e-mail alerts advising users to scan their computers for Conficker have also been in circulation. These have had, most likely, the purpose of increasing the number of search queries for removal tools, which has had a good chance to lead to other malicious applications.