You may not necessarily realize that you have, but there are people out there who monitor the progress of worms, Trojans and viruses. The good news is that on this day, April 1st 2009, the Conficker worm does not appear to have propagated as the rumors would have had us believe. So should would be even more vigilant tomorrow? I read somewhere that the nice people at Symantec have promised to be on the ball, but I personally think that the damage has already been done. So, have you been confickered? If you were panicking because you thought that your computer was going to stop working, that the entire Internet was going to crash big time, that your online business would be devastated, then yes, you have been confickered. If it makes you feel any better, we all have.
Security experts throughout the civilized world felt the need to step up and publicly make it known that Conficker was out there waiting to pounce. There were brief interviews on national and regional TV and Radio, blogs, forums and newsgroups. Microsoft put a reward of $250,000 dollars on the table for the capture of the Worm authors, presumably alive. Techs like me were obliged to recognize that Conficker could be a problem, and we sent out warnings via our client mailing lists. At the end of the day, it all came to nothing, but it could have been so different.
We looked foolish because we responded to a rumor of an April Fools Day prank. Today, we looked foolish as we powered up our systems, still half expecting to see the worst. Some are still going to look foolish because they will be looking tomorrow, and we all know that April Fools Day pranks have to be completed by midday on the day. It was a ‘no win’ for the technical community and a sure fire victory for the people behind Conficker. Rumor did as much damage as the worm itself. We all bowed to pressure ‘just in case’. If we hadn’t, and the worm had spread like all hell, our credibility would be zero. It isn’t looking much better today.
The Worm actually appeared a few months ago, but largely infected computers in parts of the world where computer security is not taken as seriously as it should be. We knew that its impact in the Western world had been limited and yet we all still let paranoia get the better of us. It doesn’t help when we read about the recent discovery of a botnet numbering some 1200 or more computers, all based in government offices around the world. What hope do we have of protecting ourselves when the professionals in high places are unable to protect computers used in national security?
I could be wrong but I think that breaches like the recent discovery above are inside jobs. I also believe that 99% of malware infections in home computers are inside jobs too. The threats posed by holes in stuff like Adobe Reader or any kosher program for that matter are infinitesimally small by comparison the to the malware let in when signing up for ‘free casinos’, smutty chat emoticons which will shock online friends, and utilities which claim to fix all computer problems in one click.
The best way to defeat Conficker or any malware is to be alert, use the common sense we had at birth, use a magnifier to read the ‘4 point’ print at the bottom, and keep our systems properly updated. If we personally know people who are using a pirated version of Windows or somebody who refuses to properly update because he/she doesn’t agree with Microsoft’s WGA, tell them in no uncertain terms that they are posing a threat to our computing experience by becoming part of huge botnets. Tell them to use a niche computer like a Mac, or a niche OS on their PC like Ubuntu if they care so little about our security.