Doing the Worm: Tweak in 'Conficker' Sparks Fears
Conficker worm sparks big fears despite reassurances from security researchers
Even if it's not an April Fools' joke, the latest moves by the dreaded Conficker worm are by no means an Internet Armageddon, either. The worm's alarming outbreak entered a new phase Wednesday as clocks around the world ticked into the first day of April, the day it was scheduled to change programming.
But security experts appeared correct in their predictions that the day was likely to come and go without any major disruptions, even though the worm has infected anywhere from 3 million to 12 million PCs running Microsoft Corp.'s Windows operating system.
Computer infections now are all about making money by stealing people's personal information. And Conficker's authors stand to make more money from renting out parts of their huge "botnet" to spammers or identity thieves than by destroying parts of the Internet.
"These guys have been pretty smart until now — the worm is unfortunately very well done," said Patrik Runald, chief security advisor for F-Secure Corp. "So far they haven't been stupid. So why should they start on April 1?"
But panic over the worm had reached a frenzy.
Lori Lynn Pavlovich, a mother of four from Racine, Wis., unplugged her PC and vowed to stay offline for a week after seeing a local TV news report about the worm.
"I get scared real easy when it comes to stuff like that," she said. Pavlovich, who says she keeps her antivirus software and security patches up to date, got back online 24 hours later after a relative assured her that her system was safe.
In the last six months, the worm has also caused sleepless nights for the technicians who maintain corporate and governmental computer systems. European media reported that the French military grounded some of its fighter planes after the Navy's network was infected over the winter.
Companies were on high alert to any change in Conficker's behavior that could affect their systems. But a lot of the heavy lifting for big corporations has already been done. Most large organizations hurried to fix the vulnerability that Conficker exploits long ago — Microsoft released a software "patch" for it in October. Many smaller businesses and consumers started worrying about the problem later, making them more vulnerable to infection.
