Conficker worm digs in around the world

April 1, 2009 by Glenn Chapman
A New York computer user. Computer security top guns around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of an April 1st trigger date

Computer security top guns around the world watched warily as the dreaded Conficker worm squirmed deeper into infected machines with the arrival of an April 1st trigger date.

The evolved, as expected, from East to West, beginning in time zones first to greet April Fool's Day.

"Planes are not going to fall out of the sky and the Internet is not going to melt down," said threat analyst Paul Ferguson of Trend Micro computer in Northern California.

"The big mystery is what those behind Conficker are going to do. When they have this many machines under their control it is kind of scary. With a click of a mouse they could get thousands of machines to do whatever they want."

A task force assembled by Microsoft has been working to stamp out the worm, referred to as Conficker or DownAdUP, and the US software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

The worm was programmed to modify itself on Wednesday to become harder to stop and began doing that when infected machines got cues, some from websites with Greenwich Mean Time and others based on local clocks.

Conficker task force members tracking Internet traffic in Asia and Europe after clocks struck April 1st there said there was no sign that the worm was doing anything other than modifying itself to be harder to exterminate.

Conficker had been programmed to reach out to 250 websites daily to download commands from its masters, they said, but on Wednesday it began generating daily lists of 50,000 websites and reaching randomly to 500 of those.

The hackers behind the worm have yet to give it any specific orders. An estimated one to two million computers worldwide are infected with Conficker.

Computer security specialists warn that the Conficker threat will remain even if April 1st passes without it causing trouble.

"It doesn't seem to be doing anything right now," Ferguson said as Conficker made its way to the western United States.

"I hope April 1st comes and goes with no trouble. But, there is this loaded pistol looming large out there even if no one has pulled the trigger."

The FBI said Tuesday it is working with the Department of Homeland Security and other US agencies to "identify and mitigate" the Conficker threat.

"The public is once again reminded to employ strong security measures on their computers," FBI Cyber Division assistant director Shawn Henry said in a release.

"That includes the installation of the latest anti-virus software and having a firewall in place...Opening, responding to, or clicking on attachments contained in unsolicited e-mail is particularly harmful and should be avoided."

The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows RPC Server Service.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another.

Malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.

Microsoft has modified its free Malicious Software Removal Tool to detect and get rid of Conficker.

The infection rate has slowed from a fierce pace earlier this year, but computers that are not updated with a software patch released by Microsoft remain vulnerable, according to security specialists.

Conficker was first detected in November 2008.

Among the ways one can tell if their machine is infected is that the worm will block efforts to connect with websites of security firms such as Trend Micro or Symantec where there are online tools for removing the virus.

Cyber-criminals have taken advantage of Conficker hype by using promises of information or cures to lure Internet users to websites booby-trapped with malicious software.

(c) 2009 AFP

Explore further: New homeland security tool to detect Conficker worm

Related Stories

Conficker Worm Prepares For A New Release On April 1

March 27, 2009

( -- The conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the conficker worm allowed for this large scale attack to over 8 million business ...

Don't fret about Conficker: Here's what to do

March 31, 2009

(AP) -- The Conficker worm, a nasty computer infection that has poisoned millions of PCs, will start ramping up its efforts Wednesday to use those machines for cybercrimes. It's unclear whether everyday PC users will even ...

Help! How to avoid fast-moving computer worm

January 28, 2009

Since early January, a worm that has been referred to by several names, including "Downadup," "Kido" and "Conficker," has been infecting millions of computers around the world. The worm exploits a previously discovered vulnerability ...

Downadup Worm Hits Over 3.5 Million Computers

January 16, 2009

( -- Security firm F-Secure has advised that the Downadup worm has spread to more than 3.5 million computers by exploiting a vulnerability Microsoft patched last October. This is achieved by trying to connect ...

Recommended for you

A not-quite-random walk demystifies the algorithm

December 15, 2017

The algorithm is having a cultural moment. Originally a math and computer science term, algorithms are now used to account for everything from military drone strikes and financial market forecasts to Google search results.

US faces moment of truth on 'net neutrality'

December 14, 2017

The acrimonious battle over "net neutrality" in America comes to a head Thursday with a US agency set to vote to roll back rules enacted two years earlier aimed at preventing a "two-speed" internet.

FCC votes along party lines to end 'net neutrality' (Update)

December 14, 2017

The Federal Communications Commission repealed the Obama-era "net neutrality" rules Thursday, giving internet service providers like Verizon, Comcast and AT&T a free hand to slow or block websites and apps as they see fit ...

The wet road to fast and stable batteries

December 14, 2017

An international team of scientists—including several researchers from the U.S. Department of Energy's (DOE) Argonne National Laboratory—has discovered an anode battery material with superfast charging and stable operation ...


Adjust slider to filter visible comments by rank

Display comments: newest first

1 / 5 (1) Apr 01, 2009
Yeah like I'm gonna buy the latest useless version of some virus checker because some 'computer security top gun' tells me too. "We've made a super virus, u best buy our product or we'll make your computer a zombie". Yeah yeah whatever, I'll just continue using my computer safely and avoid "dangers".

"Cyber-criminals have taken advantage of Conficker hype by using promises of information or cures to lure Internet users to websites booby-trapped with malicious software."

Only noobs and tards fall for that shit :-P
5 / 5 (1) Apr 01, 2009
Kind'a like Sarah Brady's sockpuppet Helmke and the NRA, they're each other's worst enemy and best boogerman, "Send us money or he'll get you!"

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.