The world did not end on April 1, the Internet did not fail and civilization did not collapse. In other words, for those who followed the hype, Conficker, a software virus that has infected computers worldwide, was no big deal. That is reassuring — and testament to the seriousness with which experts treated the virus when it was discovered. But Conficker's fizzle could also encourage users to take security less seriously, and that would be a big mistake.
Conficker first surfaced in October 2008, when researchers discovered a piece of software that was burrowing its way into computers around the world. By January, it had infected millions of machines running the Microsoft operating system: Today it is estimated that as few as 3 million or as many as 12 million host the software. Much of the concern resulted from the uncertainty about the purpose of the virus. It merely instructed computers to contact a list of Internet Protocol addresses (called domains) through which the hackers who wrote the virus would send additional instructions to the infected machines. Security experts could not tell if the instructions would be to distribute spam, steal personal information, credit card numbers, attack critical databases or merely distribute an April Fool's joke.
Conficker's success was its undoing. The speed at which it spread alarmed security experts and the resulting press prompted specialists to join together to disrupt the way it worked. Software scanners were developed to identify infected machines and patches were written to block contact with the list of domains. Thus far, the fixes have worked. There is little sign of additional activity related to Conficker. Many of the computers remain infected, however, and could be activated in the future.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.