It's hard to believe that tomorrow will be April 1st. Along with the many jokes and pranks, the threat of the Conficker worm looms. Conficker is designed to take advantage of several weaknesses in Microsoft's Windows operating system to turn your computer into a bot. With D-day for the worm tomorrow, many security professionals are scrambling to make sure that they are not the ones that are part of a statistic.
My prediction is that April 1st will come and go just like any other day, without anything major happening. Why do I feel this way? I have worked in this industry for over 25 years now, and I know a lot of security people. They are top-notch professionals that have already anticipated this day and their systems are clean. I am sure that there will be some folks whose systems may be damaged by the Conficker worm, however, these are the same people that are not doing daily backups, have no policies and procedures, and fly by the seat of their pants in the daily operation of their systems. (If this is you, go directly to the Knowledge Network and get the E-Mail and Virus Security Policy.)
I think the reason why Conficker has gained so much attention is because Microsoft put up a $250,000 bounty for the arrest and conviction of the author of the code. The media is making more noise about this than the security community. We live this stuff every day and we cannot be distracted by just one worm. For example, here is a short list of what you should be concerned with: