Last year everyone waited for the worst to happen.
We were certain that a new piece of malware would be the biggest thing to hit the internet in a long time and that nothing would be the same afterwards.
I am, of course, talking about the infection known as the Conficker worm and how it was supposed to activate on April 1st of last year.
We’ve Nuked It! Haven’t We?
There are certain blogs that are saying that Conficker and the associated botnet are now dead and that no-one is coming back for them (typically, I’ve forgotten where I’ve read that so feel free to drop links to such posts if you can find them).
Whether this is 100% true is not known right now, but what is known is that it has not made a sound lately.
That said, the worm was able to infect the largest amount of computers we have ever seen and now it is just sitting around, waiting for action.
Opinion amongst security experts is divided on whether the Conficker botnet is actually dead or not, though many lessons can be learned either way, as eloquently described in SC Magazines article, “One year since Conficker failed to flicker into action, what have we learned?” (Thanks to Dan Raywood for that link)
Some people believe that it is still active though and just waiting for people to turn their heads enough to let it rise up again.
Conficker, The Attention Whore
Since the worm was able to infect so many computers it received a lot of attention from both the security community and the press.
So much so that it is still a hot topic over a year after it first grabbed the headlines.
Conficker became such big news that Microsoft offered a $250,000 reward for anyone who could offer information about who created the original infection.
So far the money has not been collected and the creators are still on the loose.
Dead Or Alive?
The only way that a botnet can truly be considered destroyed is if it is wiped off of every computer that was infected.
If it is still sat on peoples’ computers, even if just lying dormant, then it lives on.
A dormant botnet can be woken, and not just by the original creators – it could also be taken over by someone who has reverse engineered the program in order to take control of it for themselves.
Even a rogue government, for example, could decide to cause trouble for the world’s internet community by taking over the botnet for a short amount of time.
Whatever the case, the botnet is just sitting there waiting for someone to turn it on.
Of course the likelihood of that diminishes by the day – the creators of the worm are likely too scared to actually use it now – if they do, they will have many government organizations from around the world coming after them!
It may well be that the creators of Conficker botnet could have decided that, even though they had a brilliant plan, that it is just too risky to follow through with it.
Right now they have two choices to make – they can retain their civil liberties by never turning it on, or they can become instant black hat hacking heroes by activitating it whilst running the risk of some serious jail time.
Do you believe Conficker still poses a threat?