Originally Posted By: Dignan

What say you good people?


As someone who spent some time at work a few weeks ago trying to understand Conficker and measure its impact, I feel your pain. The 60 Minutes story is what really transformed it from being a garden variety infection to THE GATHERING STORM OF DOOOOOOOOOOM, and when the media latches on to a particular technology threat, they often overstate the risk, or don't understand that there are many other risks that could be worse given the right set of circumstances.

However, I will say that as botnets go, Conficker is *huge*. Getting reliable information on the size of botnets is no easy task, but where I work, we monitor a very large network, and have developed tools for detecting Conficker at the network level. One of our researchers posted this blog entry in late March with an estimate of 2.3 million infected machines worldwide.

That's a LOT of horsepower sitting out there waiting to do harm. If it's just sending out spam/phishing attacks, it's no more dangerous than other botnets, but if they decided to start doing targeted denial of service attacks, you could be talking about some serious problems with some serious financial consequences for the site(s) and/or provider(s) who get hit.

Saying that it's easy to remove or that all you need to do is run Windows Update misses the point, which is that a vast majority of people won't bother to remove it, and a vast majority of those not yet infected probably haven't bothered to run Windows Update to patch the vulnerability.

In other words, yes, the press is somewhat arbitrary about which threats it treats seriously, and yes, every day there are thousands of machines getting owned by garden variety worms and viruses. But the sheer scale and sophistication of Conficker is something security researchers are taking seriously, and represents a serious escalation of the cat-and-mouse game between black and white hats.
_________________________
- Tony C