Conficker Worm Prepares For A New Release On April 1

March 27, 2009 by John Messina, Phys.org weblog

Conficker Worm April 1 Release
(PhysOrg.com) -- The conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the conficker worm allowed for this large scale attack to over 8 million business computers and scores of individual computers in 2008.

The conficker worm is periodically evolving by downloading updates that creates thousands of false domains daily to throw off security investigators. On the day it chooses to update, it selects 500 correct domains out of the 50,000 candidates to download malware and updates from.

On the first release it tried to download and execute a file called loadav.exe. It turned out that the file was never uploaded and the next generation did away with this. This led investigators to believe it was a malware program trying to promote itself as fake antivirus software.

The second release, the worm used Windows Services, on unpatched machines, to spread. This new release also had the power to spread over network shares by trying to log in autonomously into network machines with weak passwords. It developed the ability to infect USB sticks connected to infected machines, giving it another means of transmission.

On the final and third release, which became know as the Downadup virus, peer-to-peer communication between infected systems was added to it's arsenal of weapons. The virus also added new domain-generation algorithms to help it disguise where it was receiving its updates from.

Microsoft is offering a bounty for the worm's writers and security experts are no closer to having any clue as to the individual or individuals who are writing the Conficker code.

As Conficker continues to spread and get smarter, there is little doubt it's creating an army of infected machines, one that can cause serious damage. On April 1 we will see the attacks be taken to the next level. One can only guess what this next release has in store for the Global Internet Community.

© 2009 PhysOrg.com

Explore further: The Raging Windows Worm has attacked over 8.9 Million Computers

Related Stories

Help! How to avoid fast-moving computer worm

January 28, 2009

Since early January, a worm that has been referred to by several names, including "Downadup," "Kido" and "Conficker," has been infecting millions of computers around the world. The worm exploits a previously discovered vulnerability ...

Downadup Worm Hits Over 3.5 Million Computers

January 16, 2009

(PhysOrg.com) -- Security firm F-Secure has advised that the Downadup worm has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October. This is achieved by trying to connect ...

No foolproof way to beat virus attack for now

August 17, 2005

Microsoft continues to be the prime target for those intent on wrecking havoc in cyberspace, but for now the software giant argues that only it can save users from computer-virus attacks.

Recommended for you

Privacy becomes a selling point at tech show

January 7, 2019

Apple is not among the exhibitors at the 2019 Consumer Electronics Show, but that didn't prevent the iPhone maker from sending a message to attendees on a large billboard.

China's Huawei unveils chip for global big data market

January 7, 2019

Huawei Technologies Ltd. showed off a new processor chip for data centers and cloud computing Monday, expanding into new and growing markets despite Western warnings the company might be a security risk.

26 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

columbiaman
not rated yet Mar 27, 2009
How exactly do we know that the worm is getting an update on April 1st?
jmessina
4 / 5 (1) Mar 27, 2009
The latest variant of the worm, Conficker.C, is programmed to do something on April 1. What exactly its will do no one knows.
moj85
5 / 5 (1) Mar 27, 2009
it will turn into SkyNet!
Mayday
5 / 5 (1) Mar 27, 2009
If they have determined the date, why not out-smart the clock so it reads as April 1st and see what it does?
Ant
1.5 / 5 (2) Mar 27, 2009
If you are not the attaker HOW DO YOU KNOW
Bob_Kob
5 / 5 (1) Mar 27, 2009
Its an april fools joke.
thales
4 / 5 (4) Mar 27, 2009
Let's see: it's powerful, it inhabits millions, it's been killed only to rise again, and its final coming is at hand.

I for one have already asked Conficker into my heart and joyously await its arrival. The rest of you are screwed.
Mercury_01
5 / 5 (1) Mar 27, 2009
WORM BAD!!!!!!!!!
MorituriMax
4 / 5 (4) Mar 28, 2009
thales, lol... you have made me also see the light.

hilarious
Sky2042
not rated yet Mar 28, 2009
I for one have already asked Conficker into my heart and joyously await its arrival. The rest of you are screwed.


You also share your loyalties to the FSM, don't you?
Ashy
not rated yet Mar 28, 2009
Somehow or other it will be very funny Fools day :)

"At April 1 we will announce our new great virus!" *applause* "It will be more mysterious and dangerous than previos versions!"
Modernmystic
1 / 5 (1) Mar 28, 2009
Let's see: it's powerful, it inhabits millions, it's been killed only to rise again, and its final coming is at hand.



I for one have already asked Conficker into my heart and joyously await its arrival. The rest of you are screwed.



Does this article have something to do with religion or is it that you can't help exercise your bigot fetish and troll like a moron on every thread you post on?
javes
not rated yet Mar 28, 2009
Modern mystic is completely correct, except for one thing... Why just exclaim everyone else is screwed? Prosthetize!
shyataroo
not rated yet Mar 28, 2009
And people wonder why I have a mac.
Modernmystic
3 / 5 (2) Mar 28, 2009
And people wonder why I have a mac.


If you were a sociopathic jerk and wanted write malicious code and really screw with a lot of people's lives would you....

a)Write said code so it will only effect 1% of the population, or...

b)Wrist said code so it will effect 99% of the population?

Don't break something thinking TOO hard about it...
Ant
5 / 5 (1) Mar 29, 2009
I too have a freind who is convinced that Macs are virus proof. I would suggest that most atakers beleive mac are so irrelavent they cant be bothered.
random
4 / 5 (1) Mar 30, 2009
cool, I can't wait
QubitTamer
not rated yet Mar 30, 2009
You thought it was over... You thought it was forgotten... but on April 1st, 2009...







All your base are belong to us!



eeeent!
eeeent!
eeeent!
Mercury_01
5 / 5 (1) Mar 31, 2009
WHAT HAPPEN?!?!?


SOMEBODY SET US UP THE BOMB!!!!!
Ethelred
not rated yet Mar 31, 2009

SOMEBODY SET US UP THE BOMB!!!!!


Terrible. You got your bad translation WRONG.

Its

"Somebody set us up the bomb."

Your way makes too much sense. Please get it right in the future.

A more appropriate choice of mistranslations would be:

You have no chance to survive make your time.

Ethelred
Mercury_01
not rated yet Mar 31, 2009
What you say? Thats actually how I talk.
Mercury_01
not rated yet Apr 01, 2009
What you say? Thats actually how I talk.


Not surprising.





FYI: if you've run windows update since July 08 you're all set.




I think you may have missed the joke, V. Here: youre about 10 years late, but Im sure its still funny.

http://www.youtub...ugh-fFgg
Mercury_01
not rated yet Apr 01, 2009
Oh, well then...

WORM BAD!!!!
x646d63
not rated yet Apr 04, 2009
No conspirators amongst us? I'm convinced the CIA or Mossad is responsible for conficker. It's an eavesdropping tool. It's was originally designed to penetrate large networks (corporations), not necessarily individual home computers. I think Microsoft and other vendors have traced it to its origins, but what can they do about it if it's CIA?
smokabowl420
not rated yet Apr 04, 2009
As crazy as it may sound, SkyNet is actually the right answer. My brother works for Sony Entertainment, and told me the conficker virus is really just a very advanced form of viral marketing for the new Terminator:Salvation movie.

Just wait, you'll see.
bmcghie
5 / 5 (1) Apr 05, 2009
Well, I dunno what the virus did for the movie. I was going to see it just to see if ANYONE could equal good ol' Arnold as the Terminator.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.