April 2: if every worm could be as mild-mannered Conficker

Analysis
Apr 2, 20092 mins

Yesterday, Microsoft posted an informational page which tells consumers that the chances are small that they are infected by Conficker. It says:

“Is my computer infected with the Conficker worm? Probably not. Microsoft released a security update in October 2008 (MS 08-067) to protect against Conficker. If your computer is up-to-date with the latest security updates and your antivirus software is also up-to-date, you probably don’t have the Conficker worm.”

How reassuring!

Unfortunately, other researchers who have analyzed the four variants of this worm estimate that as many 10 million machines could be pwnd. While the sky did not fall yesterday, the worm’s notorious activation day, security researchers remain wary that the Conficker dudes (or dudettes) are now the owners of perhaps the world’s largest botnet. If so, the sky will likely never fall. Botnets are most profitable when their zombies are quickly activated to spew a bit of spam or create a bit of click fraud and then go dark waiting for their next set of instructions from their evil lord.

Converging on Microsoft blogger Mitchell Ashley makes the essential point. Has all the time energy and billions of dollars spent on security to protect against zero day attacks and sly worms amounted to anything? Under the umbrella of all that, these smart, bent-on-botnets folks have perhaps created the largest security threat ever.

Also remember that, despite Microsoft’s assurances that the threat is negligible, the company in February put a $250,000 bounty on the heads of the Conficker worm writers.

Visit the Microsoft Subnet web site for more news, blogs, podcasts. Subscribe to all Microsoft Subnet bloggers. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.) Microsoft’s voice at VoiceCon is not on the show floorApril giveaways galore: Microsoft UC and Office 2007 books, free training from Global KnowledgeRogue SharePoint sites pose security menaceMicrosoft’s Linux distroServer Core 2008 – SQL Server not supported Follow Microsoft Subnet on Twitter