The hugely talked-about computer worm seemed poised to wreak havoc on the world’s machines on April Fool’s Day. And then … nothing much happened. But while the doom and gloom forecast for the massive botnet — a remotely controlled network that security experts say infected about 5 million computers — never came to pass, Conficker is still making some worm hunters nervous. Phillip Porras, program director at SRI International, a nonprofit research group, said Conficker infects millions of machines around the world. And the malware’s author or authors could use that infected network to steal information or make money off of the compromised computer users. “Conficker does stand out as one of those bots that is very large and has been able to sustain itself on the Web,” which is rare, said Porras, who also is a member of the international group tracking Conficker. Still, computer users, even those infected with Conficker, haven’t seen much in the way of terrifying results.
No problems so far as April Fools worm awakens
How will the April Fools computer worm affect you
Internet crime jumps by a third last year
After the botnet relaunched April 1, it gained further access to an army of computers that the program’s author or authors could control. The only thing the author or authors have done with that power, though, is to try to sell fake computer-security software to a relatively small segment of Conficker-stricken computers, Porras said. The lack of a major attack has led some people in the security community to assume that the worm is basically dead. Mikko Hypponen, chief research officer with F-Secure, an Internet security company, says the people who created Conficker would have launched a major offensive by now if they were going to. Hypponen, who is scheduled to speak about the Conficker botnet next week at Black Hat, a major computer security conference, said he thinks whoever made Conficker didn’t mean for the worm to get so large, as the size of the botnet drew widespread attention from the security community and the media. “This gang, they knew their stuff. They used cutting-edge technology that we had never before. … I’ve been working in viruses for 20 years, and there were several things that I’d never seen at all,” he said. “That, to me, would tell that perhaps this is a new group or a new gang, someone who tried it for the first time.” He added, “The more experienced attackers don’t let their viruses or their worms spread this widely. They, on purpose, keep their viruses smaller in size in order to keep them from headlines.” Veteran botnet creators tend to hold the size of the malicious networks to about 2,000 to 10,000 computers to keep from being noticed, he said. “Even if the [Conficker] gang would want to continue operations, most likely they would drop the current botnet and start something new,” he said. Don DeBolt, director of threat research for CA, an information technology company, said researchers are still watching Conficker. “It’s still being tracked, so it is still active out there, but certainly the threat has been mitigated by all of the attention and focus that it has received,” he said. DeBolt said the press hyped the Conficker story because it was tied to April Fool’s Day and because it made so many computers vulnerable to attack. He said other viruses and botnets pose more serious threats. Graham Cluley, senior technology consultant at Sophos, a computer security company, said the infected Conficker network is still growing. “The interesting thing is, the hackers never really did much with the botnet that they created. So they created an army of lots and lots of computers … but they’ve never really done anything with it,” he said. “They were almost frightened off doing it.” Others disagree with that assessment. Hypponen said Conficker was not hype; it was the largest network of its kind seen since 2003 and deserved the attention it got from the security community and from the public. Porras said theories about the the motives of Conficker’s creator are based on speculation. The important thing, he said, is that security experts will continue to work to reduce the number of computers infected with the worm.