We're still not sure if the reason that Conficker infected machines are all quiet so far is because nothing has been triggered, or because whatever has been triggered is so hush-hush, that we're just not aware that it is happening even!

If it's really low-key, the owners of infected machine might not notice (see Article "Will the conficker "event" go unnoticed by those infected?" Yesterday).

What is known is that a few "small" events have happened - Big Ben, the clock in Parliament Square, London, UK was affected, and the time was apparently changed on the famous clock.

Another attack was noticed at a Nuclear Missile base which triggered a full scale military alert - signs that I was indeed correct that our security might be compromised when questioned on the radio (600KCOL in Loveland, CO) yesterday.

So do we still expect a MAJOR EVENT?!??!

It is really difficult to say...

There is still a possibility that these criminals will "lie low" - and use their massive botnet in a stealthy criminal enterprise (revised estimates yesterday as high as 12 Million bot 'soldiers'). It is also possible that a "show of strength" will be possible if bragging plays any part of the motivation of these guys.

However - and this is more likely... this is going to a date that fizzles, as the new code for Conficker is downloaded from computers all over the world onto their botnet army... then slowly and methodically, they'll test the reach of this infestation before flexing it's muscles. When they DO flex, it will be like a regular exercise for us humans - first a few stretches - attacks or spambot armies will be tested slowly, then a little more vigorously - before ramping up to full scale "production" or money making role that they are planning.

I suspect that we will see them be cautious - probably splitting their botnet into different types of money producing criminal enterprises for their financial gain... the toolkit probably contains a number of different money making arms.. spambot, DDoS bots and more - business as usual probably for these thieves...

This entry was posted by Greg Hewitt-Long on Wednesday, April 1. 2009 at 06:51. and is filed under Adware, Spyware and Trojans.