So what do you guys think on all this coverage of the worm? Here's a post from a blog tracking it: http://blogs.chron.com/techblog/archives/2009/04/tracking_conficker_so_far_its_a_snoozer_1.html It's already April 1 in Asia, where the plurality of infected Conficker PCs are apparently located. Early reports on the Windows computer worm, which was supposed to start looking at 500 Internet domains for new instructions, show that not much is happening initially. From PCMag.com: The "Conficker" worm is live within Australia, security vendors have confirmed, where it is April 1. At this point, however, it remains quiescent. Security company Trend Micro has seen the Conficker or Downadup worm increase the number of DNS resolutions, as expected, said Paul Ferguson, the lead researcher for security intelligence, advanced threats research. At this point, however, the worm has taken no other action. Conficker is expected to hit the United States on Wednesday, April 1. But it is already a day ahead across the international date line, where Conficker is waking up. At Information Week, the story's the same: It's April 1 in Asia and Australia at the moment, and the Conficker worm is busily expanding the list of domains from which it seeks instructions. The results so far recall the Y2K crisis: lots of worry but not much impact. "Conficker has activated," said Patrik Runald, chief security adviser at F-Secure, in a blog post on Tuesday. "So far nothing has actually happened." John Markoff at the New York Times says researchers believe Conficker is trying to communicate with a central server: Members of an informal global alliance of computer security specialists who have been attempting to eradicate a malicious software program known as Conficker said Tuesday that they were seeing early attempts by the program to communicate with a control server. The researchers said they were uncertain if the program had been successful. There's been a lot of hysterical coverage of Conficker, and while it's smart to keep your Windows computers patched and your antivirus software up to date, there's no real need to panic. But the hype has caused malware writers to take notice, and the makers of bogus antispyware products - which are themselves spyware - are starting to tout fake Conficker cleaners that are actually malicious programs themselves. There are also some poisoned search results on Google you'll want to avoid. I'll be keeping an eye out for new developments, and will post them here as I find them. But so far, it's looking like a snoozer. Updated 6:15 a.m. | 4.1.2009: Reports this morning continue to indicate that, yes, Conficker is seeking out more domains for its instructions, but that appears to be all that's going on. At this point, it does not appear to be finding what it's looking for. From F-Secure: Infected computers use the local time as the trigger to start generating the list of 50,000 domains, so in places where the local time is already April 1st, these computers are now actively polling for domains. And, until the GMT date is April 1st they are in fact polling for domains for 31st March. So far there hasn't been any updates available on those sites. Of course, this does not mean things will stay quiet. Conficker's creators could post instructions, a new payload or even a code update to any of the domains the worm is checking at any time - later today, tomorrow, next week, next month, or whenever. Updated 6:25 a.m.: To hammer home the fact that Conficker's not causing any problems, the SANS Internet Storm Center has left today's threat level at green. And if you listen to SANS' daily Network Security "StormCast" - an Internet threat forecast - you'll hear Conficker described as "a dud". Here's the full MP3 of today's forecast. Updated 10:20 a.m.: Still quiet on the Conficker front. Report continue to indicate that there's little, if any, fallout from the worm's changes. That could change at any point, of course, should Conficker's authors transmit new instructions or code. And if it does, Roger Thompson - the chief research officer at AVG, makers of the popular AVG Free antivirus program - says it will be a corporate and governmental issue: . . . this is a government/ corporate/ education problem... not a consumer. The two main vectors for spreading are a vulnerability in a service called RPC, which was patched in October 2008, and poorly protected network shares. The only people that have networks and who also don't patch are government, corporates and education users. Fortunately, they're also the folk that have staff with expertise that they can call on to fight back. The worm probably grabbed millions of users right out of the box in December 2008, but any gov/ corp/ edu user who is still infected after five months, deserves it. On the other hand, JoeThe Plumber almost certainly allows automatic patching each month, and probably doesn't have much of a network, and presents a much smaller target. Updated 11:09 a.m.: I like Ben Worthen's take on the Conficker hype at the Wall Street Journal. He puts Conficker's actions vs. the hysteria of some media into perspective: Conficker was never going to launch an attack on April 1. There's a line in the computer code that tells computers infected with the virus to visit a series of Web addresses in order to get new instructions. That's it. No one knew what those instructions would be, and that uncertainty scared many security types who assumed the worst. They shared these worst-case scenarios with reporters--most of whom barely know how to turn on a computer--and voila, we all had a front row seat at the hype Olympics.