Conficker Conflunks
To hear some media outlets talk on Tuesday, one would have thought that the Apocalypse was closing on the world like Jaws on an innocent swimmer. Havoc, mayhem, hemorrhoids, male pattern baldness — just about everything imaginable was supposed to break loose yesterday as the Conficker worm came crawling out of its hole. Why, then, is Preparation H stock up a mere quarter-point and we all still have our hair?
Humor and vasoconstrictors aside, why didn't the gigantic boom we were all told to expect materialize? According to experts, they don't know. What members of the Conficker Working Group are sure of is that money, not mayhem, is at the root of the worm, and those behind it will eventually use it for spamming, DDoS attacks, or to pilfer private information. Security company Finjan's Cybercrime Intelligence Report estimates a single author could make nearly $4 million per year through a botnet of the sort Conficker establishes.
Contrary to what some have suggested, the worm did, in fact, do what it was expected to do — it activated, giving the worm-masters full administrator-level control over some five million infected PCs, and making itself much more difficult to detect and fight. The worm generates URLs by which the master computer communicates with infected machines, constantly staying ahead of the efforts of security experts to shut them down. Beginning yesterday, the botnet began communicating over 50,000 domain names in 116 countries — a dramatic increase over the 250 URLs used by previous versions of the worm.
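A botnet that rotates through tens of thousands of generated domain names leaves a characteristic trace on the defender's side: infected hosts resolve an unusual number of distinct, mostly non-existent names. The script below is an added illustration of that detection idea and is not from the original article, the Conficker Working Group, or the worm itself; it does not reproduce Conficker's actual name-generation algorithm. It runs a simple heuristic over constructed resolver log lines (client IP, queried name, response code) and flags clients whose queries are dominated by unique names and NXDOMAIN answers. The thresholds are assumptions to be tuned against a real network's baseline.

```python
import re
from collections import defaultdict

# Constructed sample resolver log lines (not real traffic). Format per line:
# "<client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.9 qzvkxrt.org NXDOMAIN
10.0.0.9 lwpmdhc.net NXDOMAIN
10.0.0.9 xcvbqwe.info NXDOMAIN
10.0.0.9 update.example.com NOERROR
10.0.0.9 rtyuibn.biz NXDOMAIN
10.0.0.9 plmokn.ws NXDOMAIN
10.0.0.9 asdfgh.cc NXDOMAIN
10.0.0.9 zxcvbn.cn NXDOMAIN
10.0.0.12 www.example.org NOERROR
"""

# Only accept the three response codes we know how to interpret; anything
# else (malformed line, other rcode) is skipped rather than guessed at.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


def parse_log(text):
    """Yield (client, queried_name, rcode) for each well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, name, rcode = m.groups()
        yield client, name.lower().rstrip("."), rcode


def per_client_stats(records):
    """Aggregate query count, distinct names and NXDOMAIN count per client."""
    stats = defaultdict(lambda: {"queries": 0, "unique": set(), "nxdomain": 0})
    for client, name, rcode in records:
        s = stats[client]
        s["queries"] += 1
        s["unique"].add(name)
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
    return stats


def flag_dga_suspects(text, min_queries=5, min_nx_ratio=0.5, min_unique_ratio=0.8):
    """Return {client: metrics} for clients whose lookups look algorithmically
    generated: enough queries to judge, mostly failing, mostly never repeated.

    Thresholds are assumed starting points, not measured values."""
    suspects = {}
    for client, s in per_client_stats(parse_log(text)).items():
        if s["queries"] < min_queries:
            continue  # too little data to draw a conclusion
        nx_ratio = s["nxdomain"] / s["queries"]
        unique_ratio = len(s["unique"]) / s["queries"]
        if nx_ratio >= min_nx_ratio and unique_ratio >= min_unique_ratio:
            suspects[client] = {
                "queries": s["queries"],
                "nxdomain_ratio": nx_ratio,
                "unique_ratio": unique_ratio,
            }
    return suspects


if __name__ == "__main__":
    for client, metrics in flag_dga_suspects(SAMPLE_LOG).items():
        print(client, metrics)
```

On the sample data only 10.0.0.9 is flagged: eight queries, seven of them NXDOMAIN, none repeated. The two well-behaved clients fall under the minimum query count. A real deployment would window the counts by time and exclude known-good names before alerting, since a misconfigured host or a browser's DNS prefetching can also produce bursts of failed lookups.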
While many of the same media organizations that were predicting death, doom, and destruction switched to mocking the worm's lack of dramatic explosions, experts say whoever is behind the worm is likely biding their time. Said Lumension Security's Paul Henry: "They'll wait for the hype to subside...They'll wait for everyone to stop watching, and they'll take it for a test run. They've put together one hell of a botnet here, and they're going to want to exercise it."
As for the April 1 date, researchers say it could have been a sick joke or an attempt by the author to get attention, intended to induce exactly the kind of brouhaha that took place. What it definitely did, though, was bring heightened awareness of the worm, and reduce the number of infections by an unknown figure. Experts urge anyone who has not done so already — especially those in government, corporate, and education settings, where patching is often neglected, according to Roger Thompson of Exploit Prevention Labs — to scan their systems for the worm, install the patch for MS08-067, and pass the word along.
And just in case you missed it, Linux Journal's own Associate Editor Shawn Powers covered how to detect Conficker using Linux tools on Tuesday, right here on LinuxJournal.com.