Remember the Conficker botnet? It's still out there, lurking, waiting, dreaming like Cthulhu, as mysterious and deadly as it was last spring when the *New York Times *called it an "unthinkable disaster" in the making, and 60 Minutes warned the entire internet could be disrupted.
Now, five months after failing to satisfy all the doomsday predictions tied to an April 1 ticking-clock, Conficker has pulled off its sneakiest trick yet: doing nothing for five months. The *Times *has the story again; Conficker is "like a ghost ship" now.
Some might take Conficker's quiescence as evidence that the first round of reporting was hyped to the gills. But since I've already asked Wired's art department to produce a spooky Ghost Ship version of our Conficker War Room graphic, let's stay with it.
Experts, the Times reports, fear that Conficker might be in lurk mode because it's the work of "an intelligence agency or the military of some country to monitor or disable an enemy's computers." It's worth noting that the malware targets out-of-date, unpatched Windows machines, and at last count only about 2 percent of infections were in the U.S. So we're looking for an intelligence agency with a grudge against China, Brazil, Russia and your parents.
Unhelpful to the cyber espionage theory is the fact that Conficker has actually done something. After the April 1 media glare died, Conficker updated itself with code that generates pop-up spam on a victim's computer hawking a $49.95 fake anti-virus program. That's the same kind of profit-oriented scamming that drove previous large-scale botnets, which somehow failed to excite the media's imagination.
See Also: