In an event that hits the computer world only once every few years,
security experts are racing against time to mitigate the impact of a
bit of malware which is set to wreak havoc on a hard-coded date. As is
often the case, that date is April 1.
creators love to target April Fool's Day with their wares, and the
latest worm, called Conficker C, could be one of the most damaging
attacks we've seen in years.
Conficker first bubbled up in late 2008 and began making headlines in January
as known infections topped 9 million computers. Now in its third
variant, Conficker C, the worm has grown incredibly complicated,
powerful, and virulent... though no one is quite sure exactly what it
will do when D-Day arrives.
Thanks in part to a quarter-million-dollar bounty on
the head of the writer of the worm, offered by Microsoft, security
researchers are aggressively digging into the worm's code as they
attempt to engineer a cure or find the writer before the deadline.
What's known so far is that on April 1, all infected computers will
come under the control of a master machine located somewhere across the
web, at which point anything's possible. Will the zombie machines
become denial of service attack pawns, steal personal information, wipe
hard drives, or simply manifest more traditional malware pop-ups and
extortion-like come-ons designed to sell you phony security software?
No one knows.
Conficker is clever in the way it hides its tracks
because it uses an enormous number of URLs to communicate with HQ. The
first version of Conficker used just 250 addresses each day -- which
security researchers and ICANN simply bought and/or disabled -- but
Conficker C will up the ante to 50,000 addresses a day when it goes
active, a number which simply can't be tracked and disabled by hand.
this point, you should be extra vigilant about protecting your PC:
Patch Windows completely through Windows Update and update your
anti-malware software as well. Make sure your antivirus software is
actually running too, as Conficker may have disabled it.
Microsoft also offers a free online safety scan here, which should be able to detect all Conficker versions.