The fear-inducing Conficker worm is set to explode (or something) this Wednesday, April 1. Wondering what the hell that actually means? You aren’t alone.
No one knows exactly what Conficker will bring, but plenty of theories are floating around. Some take on apocalyptic tones, while others seem more like nonchalant groans. Before you unplug your computer and brace yourself in the fetal position, though, consider some of the possibilities and how likely they appear to be.
1. It’ll be Y2K all over again.
Just picture it: Computers worldwide simultaneously freak out. Banks go haywire, airports shut down… — oh, wait a minute. None of that stuff ever happened.
That’s exactly what a lot of security experts are expecting to see this week: a collective sigh of relief as all the hype turns into a big fat punchline, ripe for months of late night comedy milking.
“The truth is, there will be no April 1st outbreak, despite what some of the press stories have said so far,” says Joe Stewart, director of malware research with SecureWorks.
“The probability of a major [Conficker]-related event taking place on April 1 is really not very likely,” agrees Vincent Weafer, vice president of Symantec’s security response group.
Armageddon? Fuh-get-it.
2. Hackers will take over the world.
On the other end of the spectrum, some are suggesting that the worst could actually occur. Just look at these sentiments from a not-at-all sensational story by U.K. tabloid The Sun (and yes, these are all unmodified, direct quotes):
• “Millions of computers around the world could go into meltdown.”
• “The aggressive bug could be hiding on your PC at home right now, waiting to kick in.”
• “For the hackers, it’s like having a virtual army at their fingertips.”
• “They could also plunder information, including your bank details.”
Meltdown? Hiding in my home? Army? Plunder?! That fetal position is starting to look more appealing.
But really, most people who study security for a living say this extreme type of scenario seems awfully unlikely. What’s more, research released just today by IBM Internet Security System’s X-Force (note to self: rename bowling team “The X-Force”) suggests Conficker’s presence in the U.S. has been greatly exaggerated. Fewer than 6 percent of Conficker infections are in North America, IBM says. The majority are in Asia, followed by Europe and then South America.
The smartest thing you can do right now is to check if you’re infected — and, if you are, run a removal tool to make the fix before midnight.
3. Every infected computer will lose all of its data.
The Conficker event scheduled for April 1 could contain code telling the bug to wipe out the hard drives of every personal computer in sight. Key word there: could.
The truth, as PC World’s Erik Larkin points out, is that the folks behind malware are typically looking to make some sort of measurable gain. As valuable as your photo collection from last year’s family vacation is (and yes, I know about the bikini pics), odds are, it’s not what a hacker is after.
4. Spam, spam. Lots of spam.
One way that gain could be accomplished is through spam — and lots of it. With millions of machines believed to be affected worldwide, Wednesday’s potential communication expansion could give Conficker’s creators the power to blast us with bundles of annoying new e-mails. That threat, some say, could be very real, as could the idea of targeted denial-of-service (DoS) attacks.
Still, any DoS attacks would more likely be aimed at corporate networks, not individual users, and many major institutions have already taken steps to protect themselves.
5. Jerry Yang will suddenly become an omnipotent force, ruling the entire world from a top-secret Silicon Valley bunker.
Hey, I’m just saying — anything’s possible here. And of all the scenarios we’ve considered, this final one may be the most troubling. I mean, what anti-virus program could possibly protect us from that frightful fate?
Fetal position, here I come. I’ll be under my desk if anyone needs me.
Connect with JR Raphael on Twitter (@jr_raphael) or via his Web site, jrstart.com.