Conficker Worm Prepares For A New Release On April 1

Mar 27, 2009 by John Messina weblog

(PhysOrg.com) -- The Conficker worm created havoc last year when it infected over 10 million computers on a global scale. The worm's unique design allowed this large-scale attack to reach over 8 million business computers and scores of individual computers in 2008.

The Conficker worm evolves periodically by downloading updates, and it creates thousands of false domains daily to throw off security investigators. On the day it chooses to update, it selects 500 correct domains out of the 50,000 candidates to download malware and updates from.

In its first release, the worm tried to download and execute a file called loadav.exe. It turned out that the file was never uploaded, and the next generation did away with this. This led investigators to believe it was a malware program trying to promote itself as fake antivirus software.

In the second release, the worm used Windows Services on unpatched machines to spread. This release could also spread over network shares by trying to log in autonomously to network machines with weak passwords. It also developed the ability to infect USB sticks connected to infected machines, giving it another means of transmission.

In the third and final release, which became known as the Downadup virus, peer-to-peer communication between infected systems was added to its arsenal of weapons. The virus also added new domain-generation algorithms to help it disguise where it was receiving its updates from.

Microsoft is offering a bounty for the worm's writers, and security experts are no closer to having any clue as to the individual or individuals who are writing the Conficker code.

As Conficker continues to spread and get smarter, there is little doubt it's creating an army of infected machines, one that can cause serious damage. On April 1 we will see the attacks be taken to the next level. One can only guess what this next release has in store for the Global Internet Community.

© 2009 PhysOrg.com


User comments : 39


columbiaman
not rated yet Mar 27, 2009
How exactly do we know that the worm is getting an update on April 1st?
jmessina
4 / 5 (1) Mar 27, 2009
The latest variant of the worm, Conficker.C, is programmed to do something on April 1. What exactly it will do no one knows.
moj85
5 / 5 (1) Mar 27, 2009
it will turn into SkyNet!
Mayday
5 / 5 (1) Mar 27, 2009
If they have determined the date, why not out-smart the clock so it reads as April 1st and see what it does?
Ant
1.5 / 5 (2) Mar 27, 2009
If you are not the attacker HOW DO YOU KNOW
Bob_Kob
5 / 5 (1) Mar 27, 2009
It's an April Fools joke.
LuckyBrandon
3 / 5 (4) Mar 27, 2009
I would tend to agree with bob kob...any legit viral entity, especially one where the developers are truly unknown persons, will NEVER have a release date for the next version of the virus.
The ONLY way I could see that happening, is if the antivirus companies themselves are developing the virus (which, btw, they DO have people on staff that do nothing but develop viruses so the code can be used to expand the AV software's viral database)....I also wouldn't doubt that is the case with that being said.


we're still about a decade away, give or take a few years, from anything even approaching the capabilities of skynet...oh except for my domain controller bearing the same name...oh and about 50 of my buddies' domain controllers as well :)
thales
4 / 5 (4) Mar 27, 2009
Let's see: it's powerful, it inhabits millions, it's been killed only to rise again, and its final coming is at hand.

I for one have already asked Conficker into my heart and joyously await its arrival. The rest of you are screwed.
Mercury_01
5 / 5 (1) Mar 27, 2009
WORM BAD!!!!!!!!!
MorituriMax
4 / 5 (4) Mar 28, 2009
thales, lol... you have made me also see the light.

hilarious
Sky2042
not rated yet Mar 28, 2009
I for one have already asked Conficker into my heart and joyously await its arrival. The rest of you are screwed.


You also share your loyalties to the FSM, don't you?
Ashy
not rated yet Mar 28, 2009
Somehow or other it will be very funny Fools day :)

"At April 1 we will announce our new great virus!" *applause* "It will be more mysterious and dangerous than previous versions!"
Modernmystic
1 / 5 (1) Mar 28, 2009
Let's see: it's powerful, it inhabits millions, it's been killed only to rise again, and its final coming is at hand.



I for one have already asked Conficker into my heart and joyously await its arrival. The rest of you are screwed.



Does this article have something to do with religion or is it that you can't help exercise your bigot fetish and troll like a moron on every thread you post on?
javes
not rated yet Mar 28, 2009
Modern mystic is completely correct, except for one thing... Why just exclaim everyone else is screwed? Prosthetize!
shyataroo
not rated yet Mar 28, 2009
And people wonder why I have a mac.
Velanarris
5 / 5 (1) Mar 28, 2009
And people wonder why I have a mac.

Because you bought into all of that "Mac is virus proof" crap?
Modernmystic
3 / 5 (2) Mar 28, 2009
And people wonder why I have a mac.


If you were a sociopathic jerk and wanted to write malicious code and really screw with a lot of people's lives would you....

a) Write said code so it will only affect 1% of the population, or...

b) Write said code so it will affect 99% of the population?

Don't break something thinking TOO hard about it...
Ant
5 / 5 (1) Mar 29, 2009
I too have a friend who is convinced that Macs are virus proof. I would suggest that most attackers believe Macs are so irrelevant they can't be bothered.
random
4 / 5 (1) Mar 30, 2009
cool, I can't wait
Velanarris
2 / 5 (1) Mar 30, 2009
I too have a friend who is convinced that Macs are virus proof. I would suggest that most attackers believe Macs are so irrelevant they can't be bothered.
Ask your friend why they continue to make (and sell) antivirus products for Macs if they're virus proof.
QubitTamer
not rated yet Mar 30, 2009
You thought it was over... You thought it was forgotten... but on April 1st, 2009...







All your base are belong to us!



eeeent!
eeeent!
eeeent!
Mercury_01
5 / 5 (1) Mar 31, 2009
WHAT HAPPEN?!?!?


SOMEBODY SET US UP THE BOMB!!!!!
Ethelred
not rated yet Mar 31, 2009

SOMEBODY SET US UP THE BOMB!!!!!


Terrible. You got your bad translation WRONG.

It's

"Somebody set us up the bomb."

Your way makes too much sense. Please get it right in the future.

A more appropriate choice of mistranslations would be:

You have no chance to survive make your time.

Ethelred
Mercury_01
not rated yet Mar 31, 2009
What you say? That's actually how I talk.
Velanarris
not rated yet Mar 31, 2009
What you say? That's actually how I talk.

Not surprising.

FYI: if you've run Windows Update since July 08 you're all set.
Mercury_01
not rated yet Apr 01, 2009
What you say? That's actually how I talk.


Not surprising.





FYI: if you've run Windows Update since July 08 you're all set.




I think you may have missed the joke, V. Here: you're about 10 years late, but I'm sure it's still funny.

http://www.youtub...ugh-fFgg
Velanarris
not rated yet Apr 01, 2009
I think you may have missed the joke, V. Here: you're about 10 years late, but I'm sure it's still funny.

http://www.youtub...ugh-fFgg

I think you missed the joke. I'm familiar with the poorly translated Japanese game, and the resulting internet All Your Base fad.
Mercury_01
not rated yet Apr 01, 2009
Oh, well then...

WORM BAD!!!!
x646d63
not rated yet Apr 04, 2009
No conspirators amongst us? I'm convinced the CIA or Mossad is responsible for conficker. It's an eavesdropping tool. It was originally designed to penetrate large networks (corporations), not necessarily individual home computers. I think Microsoft and other vendors have traced it to its origins, but what can they do about it if it's CIA?
smokabowl420
not rated yet Apr 04, 2009
As crazy as it may sound, SkyNet is actually the right answer. My brother works for Sony Entertainment, and told me the conficker virus is really just a very advanced form of viral marketing for the new Terminator:Salvation movie.

Just wait, you'll see.
bmcghie
5 / 5 (1) Apr 05, 2009
Well, I dunno what the virus did for the movie. I was going to see it just to see if ANYONE could equal good ol' Arnold as the Terminator.
LuckyBrandon
1 / 5 (1) Apr 18, 2009
Ant-I could write something in about 10 minutes to kill a MAC or a PC. It's ANY computer system, that can even include metal presses and metal manufacturing plants...if a virus is written to understand the code and destroy from there, it WILL do its job. MACs are a POS unless you're doing multimedia related things...the end.

x646...-there is DoD code written into every operating system developed in the US. If a government entity were responsible, trust me, we would NEVER know the worm was ever even there. This isn't any government thing...they are pricks, and they steal our rights daily, BUT, this is the government's doing. The last I heard, this was suspected to come from Eastern Europe.

smokabowl420-1. love the name, can I join :D 2. When the hell is that coming out I wanna see it :D
Velanarris
4 / 5 (1) Apr 19, 2009
There is no DoD code written into Operating Systems. None whatsoever. This isn't really refutable either, so I'd like to know where you heard this that you'd take it as gospel.

Big Brother was watching, but he changed the channel because we're all boring, and he really doesn't care.
LuckyBrandon
1 / 5 (1) Apr 19, 2009
I would rather not get into that, but let's just say that my prior and current professional experience has put me in a position to know a lot of insider information about a lot of products....with my background being in areas ranging from systems engineering to infrastructure architecture to development....
But let's forget I said anything about it in hindsight...I need to stop my drinking binge.... :|
I should have phrased it differently though, to reflect more of a backdoor, not specific code.
LuckyBrandon
3 / 5 (2) Apr 19, 2009
Oh and if big brother doesn't care, then why are there federal agents stationed at cell phone companies to this day...those bastards are even scanning our cell phone calls....I'm pretty sure that's public knowledge now....
Velanarris
5 / 5 (1) Apr 20, 2009
Are you referring to the CID chip embedded on all motherboards allowing physical polling reads? That's hardly a backdoor; it's an info tagger so if you generate something, an email, a photoshop picture, a web page, the machine that created the content can be identified but only if you have the content, and the machine, in hand. You're not the only IT engineer here.



And as for agents at the cell phone companies, welcome to the 40's. The FCC regulates all radiowaves, including cellular, 3g, EVDO, and all the other nifty portable comm techs. They're antipiracy, as well as oversight.

Just because the NSA can record your conversation, and listen to it, doesn't mean they care about your conversations. You're too boring for Big Brother to care about. Seeing as you're on a free-range, searchable forum, you should probably also know that they can track every purchase you make with credit cards, all your usernames and passwords, what you have in your grocery cart at the checkout line, etc, etc. And since you've raised a slight "anti-governmental" statement in the past, you'd expect that they're watching you right now as you eat your English muffin and contemplate heading down to the basement for a jerk before work, but, they don't care.
LuckyBrandon
1 / 5 (1) Apr 23, 2009
And as for agents at the cell phone companies, welcome to the 40's. The FCC regulates all radiowaves, including cellular, 3g, EVDO, and all the other nifty portable comm techs. They're antipiracy, as well as oversight.

There is secret service of all things at cell phone companies...I know an agent assigned to one who is basically family to me....and he/she (won't say) has been there for a few years now.


Oh and no, not speaking to the chip...

And I do agree, I myself, along with every last one of us in here is too boring to review, but that doesn't change the fact they ARE violating our right to privacy unconstitutionally.
LuckyBrandon
1 / 5 (1) Apr 24, 2009
I need to revamp my comment above...I spoke with my friend, and he/she basically said that they were "encouraged" to leave their agent position in lieu of a position at a cell phone company where she would be interfacing with the government branches involved ..so NOT still secret service, but that's where he/she was when he/she was "encouraged"....he/she took a generous pay raise too...
Velanarris
not rated yet Apr 26, 2009
Like I've said before, information is the new currency of international relations, so businesses will pay top dollar for the best security they can get.



Who better than secret service and the various militaries?
