Is it too early to declare that nothing has come of the hype around the wildly successful Conficker worm's purported April 1st surprise? So far, press reports like this one seem to indicate a lack of any April Fools' Day fireworks.
Experts are quick to point out, however, that whatever the owner of this enormous botnet has planned doesn't necessarily need to be executed today. While that is true enough, I wonder whose side time is on.
Despite their popularity and longevity as a genre of malware, individual botnets tend to have an expiration date. This is natural. The lifecycle curve generally starts with a big push of initial infections (if the writers are lucky), followed by AV updates and platform patches, and then a gradual slope downward as the worm becomes trivial to block or remove. Malware variants are, of course, a problem, but they vary in how successfully they continue to evade detection.
So far Conficker has done a great job in its initial phases, but its success may precipitate its downfall. The amount of publicity and awareness, combined with the widespread availability of removal tools and information, is going to gradually reduce the size and value of this particular botnet, perhaps more rapidly than most.
In that case, doesn't it make sense for the botnet owners to strike while the iron is hot? A day or a week won't make too much difference, but I think if we don't see the horsemen of the Internet apocalypse in a week or 2, we can probably get a good night's sleep - the end is not nigh. Of course, this worm and others like it are still a huge issue and need to be continually addressed, but there's something about this whole 4/1/9 Conficker scare that smacks of Y2K fever.






