Conficker

After several phones calls and in person chats, nothing happens. The media whips all these people into a fury and frenzy over this 'April 1st Virus' and nothing happens. Well, a few things happened, but nothing like the massive digital destruction foretold by the media.

The worm, dubbed Conficker (a German melding of "configure" and an obscene phrase), has security experts looking confused and useless. It's really a series of worms, all variants of the same code base, which have been released over time. Estimates place the number of PCs and servers compromised so far at about 10 million machines in over 150 different countries (with 3 million in China alone). The worm is scheduled to do ... something ... on April 1, hence forth as the media branding and general naming of the 'April 1st Virus'.

A church decided the risk was too great, so they kept all of their computers turned off. Sure, if they were infected or vulnerable, that would have saved them. After all, it is hard to damage a computer if it's powered down. They forget though, the threat just doesn't show up for one day and one day only. As soon as they power up, they'd be owned, but of course, since the media made a big deal about April 1st and ONLY April 1st, thats the only day to be worried. There is always a threat, always waiting, always probing...

The only other causality, was an older woman, who's husband was in such a panic over the worm, again, thanks to the media coverage. The husband was demanding that since the woman knew more about computers she NEEDED to get on-line and get extra protection on their just recently rebuilt Windows XP PC. Her reaction was just like the church's, keep the computer turned off. So she calls and we tell her, nothing is happening, no fire and brimstone, no digital death, and no Zero Hour. So she gets on-line, starts searching, and manages to download a copy of Spyware Doctor. The installation ends up hosing her PC and spitting out a BSOD, STOP 0x35.

So now she needs to bring the PC into the shop, again, so we can remove the Spyware Doctor and rollback the changes. Mind you, we'd just recently rebuilt her PC. So she was current with both her Windows and Office patches and on top of that, was protected with AVG Free 8.5! The PC would have also had the latest drivers, Java runtime environment, Adobe PDF Reader, Flash player, and Shockwave player! Had the husband just cooled it or the wife stood her ground, the situation would have been averted.

Why of all things, does it take so long to resolve the major infection avenue, the Windows Server service vulnerability discovered (and patched) in October 2008? According to security experts, up to 30 percent of all Windows machines worldwide are still not protected against this vulnerability. (It was around 50 percent at the end of 2008.)

I've informed both that the media should be sued for making such a big deal about nothing to help cover the costs with everyone over reacting and damaging the computers.