Filed Under (Editorial) by David Wiles on 01-04-2009

For the doomsayers insisting that the world will come to an end on April 1, 2009 with the outbreak of the Conficker worm: take a deep breath (or a Prozac) and revise your prophecies.

Yes, the Conficker worm is a definite problem, but not some apocalyptic harbinger of doom!

Simply put, Conficker is a large, P2P-based botnet, allegedly with millions of infected machines, and on Wednesday, April 1, it is set to activate its new “variant C”.

A bot is a Trojan malware program that has complete control of an infected computer. It can be used to attack and spy on other computers and servers. It can be destructive – damaging files, connecting to addresses on the Internet, and forwarding your email – in fact, whatever makes the most sense financially for the creators and controllers of the botnet.

From what I have read, Conficker has been designed with a P2P architecture. This makes it more difficult to trace and destroy than most other botnets, because it cannot be localised to a single server; its computing power is distributed amongst the nodes of the peer-to-peer network. The only real change that occurs on April 1st is that Conficker.C starts using a new algorithm that will make tracing it even harder – end of story!

Joe Stewart of SecureWorks is quoted as saying "The Conficker threat will be exactly the same as it is today, on April 1st."

Perhaps naming a date in regard to a threat makes people feel more comfortable. Whether or not we’re warned about that date, we’re likely to ignore it if April 1st comes and goes quietly. Like the damp squib of the predicted Y2K meltdown, we’ll feel robbed and try to find who “cried wolf” so we can thumb our noses at the hapless prophet of doom!

It is likely Conficker.C will regurgitate spam or even be responsible for attacks on the Internet infrastructure. What we do know for sure is that the worm itself won’t be much different tomorrow.

Like it or not, it is the criminals that have power over us! The Internet is ruled by those with the biggest “guns” and not by whoever makes money by owning yet another DNS top-level domain.

We can continue window-dressing, attending and organising security conferences, waving the “civil-rights and privacy” flag and bitching about ICANN policy. But while we enjoy the “warm and fuzzies” of these sorts of actions, the Russian and Chinese crime syndicates make more money, have more raw power, and are willing to use it even if it hurts their business.

As for Conficker, antivirus vendors have added detection, and new network scanners are available, but the hype has turned the threat into a media circus. The security and antivirus industries are raking in the profits of their "we protect against Conficker" products.

As an added bonus I include a link to an insightful report on CBS’s 60 Minutes, all about the threat of Conficker. Well worth the watch. (You need InetKey open to view the video.)

The Prozac is kicking in now…

David Wiles
