Conficker Mania

March 31, 2009 (CNN) Remember the dire predictions surrounding the "millennium bug?" The doom-and-gloom scenarios bandied about by security analysts on how computers could act when their clocks turned to January 1, 2000?


Well, researchers are hoping that a potential April Fools' time bomb -- the Conficker.c that is supposed to hit computers on April 1 -- turns out to be equally unfounded.

But realizing that hope alone is not a prudent option, here is a primer on the worm so you can adequately prepare yourself -- and your computer.

Conficker.c is a worm, a malicious program thought to have already infected between 5 million and 10 million computers. Those infections haven't spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines, said Don DeBolt, director of threat research for CA, a New York-based IT and software company.

The program could delete all of the files on a person's computer, use zombie PCs -- those controlled by a master -- to overwhelm and shut down Web sites or monitor a person's keyboard strokes to collect private information like passwords or bank account information, experts said. More likely, though, said DeBolt, the virus may try to get computer users to buy fake software or spend money on other phony products.

Conficker.c imbeds itself deep in the computer where it is difficult to track. The program, for instance, stops Windows from conducting automatic updates that could prevent it from causing damage.

It's unclear who wrote the program, but anti-work researchers -- a group calling itself the Conficker Cabal -- are looking for clues. First, they know that some recent programs have come from Eastern European countries outside the jurisdiction of the European Union, said Patrick Morganelli, senior vice president of technology for Enigma Software. Worm program authors often hide in those countries to stay out of sight from law enforcement, he said.

One quick way to see if your computer has been infected is to see if you have gotten automatic updates from Windows in March. If so, your computer likely is fine, DeBolt said. Microsoft released a statement saying the company "is actively working with the industry to mitigate the spread of the worm."

Users who haven't gotten the latest Windows updates should go to http://safety.live.com if they fear they're infected, the company's statement says.

People who use other antivirus software should check to make sure they've received the latest updates, which also could have been disabled by Conficker.c.

The first version of Conficker -- strain A -- was released in late 2008. That version used 250 Web addresses -- generated daily by the system -- as the means of communication between the master computer and its zombies. The end goal of the first line was to sell computer users fake antivirus software, said Morganelli.

Computer security experts largely patched that problem by working with the Internet Corporation for Assigned Names and Numbers to disable or buy the problematic URLs, he said.

A second variant, Conficker.b, was released in January and infected millions more machines.

The Conficker, strain C, will generate 50,000 URLs per day instead of just 250 when it becomes active, DeBolt said.

Members are searching for the malicious software program's author and for ways to do damage control if he or she can't be stopped.

They're motivated in part by a $250,000 bounty from Microsoft.

Comments

Popular posts from this blog

“How Are We Doing?” Efficiency, Utilization, and Productivity

EOQ Calculations in Excel

Excel Pareto Digrams and Run Charts for Total Quality Management