Well, as most rational-minded people predicted, April 1 came and went with a barely a whimper (as far as we know) from our pal Conficker.
I have mixed feelings about this worm.
The positive side is that, because of mainstream news coverage such as the 60 Minutes segment last Sunday, Conficker’s presence undoubtedly raised awareness to the dangers of internet threats. In the 3 1/2 years that I have been writing for SC Magazine, this is the first time that my family has called me with a computer security question. (My mom called Tuesday morning, my older brother the night before. Both were convinced, as Lesley Stahl may or may not have wanted them to believe, that the sky was falling).
The negative side is that this threat, much like media-hyped worms of the past, are the only times the average end-user seems to pay any attention to security at all. They may assume that the only times they need to be careful are on these “D-Days,” when in fact, they are much more likely to have their identity stolen on an idle Tuesday in November.
These days, in the cybercrime world, it’s all about the money. More so, though, it’s all about flying under the radar and not raising suspicion. That’s why if Conficker ever causes a big problem, it’ll be when nobody is expecting it.
That’s why people should be more concerned about well-groomed social engineering attacks trying to get you to enter in your credit card information, or buy some fake anti-virus, or click on some sketchy attachment.
Just yesterday, Microsoft announced a dangerous, zero-day PowerPoint vulnerability that is being actively exploited?
Funny, my mom or brother never called me to ask about it. But I bet you they wouldn’t think twice about clicking.
Living in the post-April 1 era
By Dan Kaplan on Apr 24, 2009 2:54PM