It may remind some of Y2K. At the turn of the century, clocks around the world struck midnight and none of the fearful predictions about computer networks shutting down happened.
Fast-forward about nine years and the hype about Conficker appears to have been overinflated -- at least so far. The media helped to spread Conficker doom and gloom over the past week as the world prepared for the malware authors to begin using a new algorithm to determine what domains to contact. That contact could set off a new rash of computer infections if vulnerable Windows operating systems have not been patched.
The Conficker worm, also know as Downadup, raced across the Internet in January with tricks to spread undetected. Millions of computers were infected in just a four-day period. There are several different variants running wild already and the latest variant, Conficker.C, is being studied by security researchers to determine what might happen next.
Discovering the Real Threats
"I kept telling everyone to worry about being secure, not about Conficker. Some people listen, some don't. So what happened over about the past 24 hours?" asked Randy Abrams, ESET's director of technical education. "By about 2 p.m. GMT on April 1, of the top 20 threats encountered by our users in the past 24 hours, four out of five of them were not Conficker."
Specifically, about 16.17 percent of the threats were online-game password stealing threats. Another 21.5 percent were threats that were not Conficker and were trying to use Autorun to infect computers. Nearly 10 percent of the threats were something called Win32/Agent, which tries to steal data from a computer.
"Eighty percent of the risk was not Conficker, but 99 percent of the attention was on Conficker," Abrams said. "Does that make sense to you? Can you imagine crossing the street and ignoring four out of five cars? Do you think you'll live long?"
Conficker is Not an Issue
Abrams said if users are taking the proper precautions to protect against other threats, then Conficker is not an issue. What's more, he added, dedicated Conficker detection tools are really pretty silly to the rational mind.
"If you go to the doctor with typhoid, malaria, smallpox and measles, do you really want the doctor to only check to see if you have the flu? You'd sue for malpractice, so why be as negligent with your computer?" he asked. "The version of Conficker that has the April 1 trigger does not appear to spread. It appears to only affect machines that are already infected. If you're scanning for Conficker instead of for all malware, then that is the real April fools' joke."
There is now debate over who to blame for the hysteria: Security firms or the media. For all the media hype, Graham Cluley, a senior security consultant at Sophos, said he thinks most of the computer-security industry was remarkably reserved and sane during the buildup to Conficker, reminding people there was no guarantee the worm would do anything noticeable and that it was quite possible hackers wouldn't give Conficker-infected PCs any new instructions.
"Of course, as I've been saying all along, the people behind Conficker could choose any day to instruct it to do something malicious -- there was nothing which made it more likely on April," Cluley said. "So the need for you to remove Conficker is just as necessary today as it was yesterday, and will be tomorrow."