I confess that I am not too worried about Conficker. With this much advance warning (amidst even more hoopla), I am hard pressed to believe much would or could happen to the huge uninfected population. We appear to disregard the fact that even the highest estimates of Conficker infection rate are at less than 1% of Internet-connected client systems.
It is also worth noting that the worm-like properties of this malware are already in progress; the April 1st date is a payload question. It seems like the mass media is treating this like Code Red, Nimda, or Melissa when many more systems will get infected. Not true, although the payload could incorporate further exploit code.
Aside from spamming sites and targeted DDoS attacks, I don't see other strong possibilities that can't be thwarted by existing defenses. Massive defacing action? Some sort of coordinated CSRF attack? I am extremely wary of "black swan" scenarios and would be curious to hear what others can come up with as feasible negative outcomes.
Of course, this doesn't mean that the infected parties themselves won't experience individual pain.
I am actually more worried about the perception of computer security by the general public. After Y2k, with many, many, many changes made and resulting in limited damage, people ridiculed the entire effort as much ado about nothing. Will Conficker preparations have the same fate?
To whatever extent Conficker tries something nefarious and fails, we should work hard to document our successes in protecting folks (any failures in this regard will be obvious).
“After Y2k, with many, many, many changes made and resulting in limited damage, people ridiculed the entire effort as much ado about nothing. Will Conficker preparations have the same fate?”
probably yes… looking at any overhyped malware event (the one that sticks out in my mind is Michelangelo) there is usually backlash as a result of nothing happening…