April 1st has come and gone and the much ballyhooed Conficker Internet Worm attack turned out to be a non-event; or did it?

internetConficker was another in a string of innovative, modern, and nefarious pieces of malicious computer code that was unleashed into the wild, installed itself into millions of unprotected computers, and then sat dormant awaiting directions from an unknown entity to do as yet undiscovered horrible deeds.  This one was especially diabolical because it came in multiple forms, had differing signatures for anti-virus software, actually told machines to fail connections to security websites that contained patches designed to thwart it, and it could even load and install patches to itself.  A real nasty computer bug.

Expert reviews of the code revealed that on April 1 it was expected to contact somewhere and do something.  No one knew what…Here are some stories about it from around the web:

  1. ABCnew.com: Top 5 Famous Computer Hackers: From Conficker to the First Computer Virus
  2. PCWorld.com: Conficker Worm: Not Finished Yet
  3. ArsTechnica.com: Conficker.C appears on schedule, but only as a whisper

Now that the date has come and gone, the mainstream media (MSM) is ready to call it all over and move onto to the next story.  I, however, believe that Conficker may just have achieved exactly what its author intended.

First, Conficker was a tremendous marketing ploy for whomever authored and deployed it.  Obviously, the public does not have a name or group behind it, but that does not mean that group of coders cannot use it as the ultimate resume bullet.  Honestly, their product is pure computer science genius and if you were in the market for malicious code, one cannot ignore the fact that these folks would be considered the A-Team.  If marketing was the objective, then they had the entire world watching, talking about, and writing reams about their work.  An advertising tour de force.

Second and much worse, if Conficker was a deception or distraction, it would certainly make a treacherous rouse of historic proportions.  For one day, the entire world’s population of information professionals and computer security experts were all watching this one piece of malware.  They even exposed their best defenses, sensors, and tactics to the bad guys to observe.  Maybe, the whole point was to distract the police while they robbed the bank around the corner?  Maybe, all they wanted was to see what the good guys would do if they activated the worm.  I bet that type of intelligence would come in very useful for building version 2.  Conficker as a deception would have been a home run.

Third, it is possible that Conficker was in fact a macro level attack on the computer user world as a whole.  Consider the amount of desensitization that the public and business leaders experienced to a real attack or threat.  Chicken Little’s cautionary tale about the sky falling seems to hold some relevance here.  The public was genuinely paying attention to the threat of Conficker – the one that did not come.  Whether the authors of this code intended it or not, they caused incalculable harm to the cause of raising general awareness to network security vulnerabilities and user responsibilities for information assurance.  The next time that we, information professionals cry “wolf”, they may look before they leap.

We all know that jumpers threatening suicide will  be shown immediately on  television.  No surprise is shown when terrorist attacks get all the headlines in newspapers.  Even though we know that it just rewards bad behavior, we cannot help but highlight bad news. No matter what the intended goal of Conficker really was, it preyed on our worst instincts and most likely achieved success.

So do you think that the Conficker Worm was a marketing ploy or treacherous rouse?

That is my Information Technology Thought of the Day (ITTOD) for April  3, 2009 ©Scott Coughlin.