Conficker with 10M victims, April 1 update soon
Security experts are downplaying much of the speculation surrounding an expected 1 April update for the notorious Conficker malware. Also known as ‘downadup’, the malware has been spreading throughout 2009 and is believed to have infected millions of PCs. Analysis of the Conficker code suggests that the latest version will instruct infected machines on 1 April to contact an unknown domain and await further instructions. The possibility has led to reports of a possible “doomsday” infection, or a huge attack from the Conficker botnet. These worries, however, are little more than uninformed hysteria, according to security experts. Many security researchers believe that Conficker’s April Fool’s Day event may in fact be laughably minor. F-Secure researchers reassured users in a special guide posted to the company blog that in all likelihood Conficker’s 1 April update would be a non-event.
“The Conficker worm is going to change its operation a bit, but that’s unlikely to cause anything visible on 1 April,” F-Secure said. The company also noted that only the latest version of the malware, known as ‘Conficker C’, which constitutes a small percentage of total infections, would be carrying out any instructions on 1 April. “The truth is that Conficker is not set to activate a specific payload on 1 April. Rather, Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.”
Malware creation has evolved into a lucrative business since Melissa, and most experts believe that Conficker’s update will be the first step in a spam run or other money-making activity, rather than an old-fashioned attempt at internet mayhem. “The people behind this piece of code are very skilled, very well informed and resourced. They have invested much time and effort in the creation of this botnet, and will be aiming to see some return on that investment,” wrote Trend Micro senior security advisor Rik Ferguson in a blog post.
Source: Vnunet

Comments (27)
I bet not a single thing will happen. Come on – it happens on April Fools' Day? Sounds like a load of bull to me.
I'm not worried.
~BW
what tha hell I haven't even heard of this crap … anyone else?
heard about it a month or so ago…
Rapid Share links please!
Single megaupload link please
On April Fool's Day??
I bet this is just a Prank!
WE ARE ALL GOING TO DIIIIEEE
oh wait..!
This is just in. The sarcasm-o-meter is off the chart!
It will simply uninstall leaving you with a Windows 7 ad.
We'll see..
just like anti pirate victims, who is not protected should be turned victim, plain 20th and still are people that go online without security, they need to learn.
The machines are rising against their masters. Oh noes~
Linux Saves the day!!! http://pclinuxos.com/
http://rapidshare.com/files/214230033/Conficker.zip
enjoy
Just another way to scare people into purchasing antivirus software and software to prevent such an attack. Another way to scare people into purchasing a legit copy of windows to run security patches. Corporate bullsh*t.
@13
LMAO you dumb nut… way to go
hmm on April 1st uhh NO DEAL
Well. Let's just sit back, relax and enjoy the view from our linux spaceship. Excuse me, while I go to transwarp.
The exploit that allows this worm to infect Windows machines was patched on October 15th 2008. If people are turning off automatic updates and not manually patching their systems, or they're using pirated copies of XP and can't get around Windows Genuine Advantage, then it's their own fault really.
it's skynet!
judgement day is near!
I'm curious if it uses the time off of a remote server, or uses Windows' time.
If it uses windows time, you could simply set your date back to March 30th on the 31st and wait for the news to see what happens to everyone else
Replicants are like any other machines.. They're either a benefit or a hazard.
@11 Fear said:
"The machines are rising against their masters. Oh noes~"
@14 justblazed said:
"Just another way to scare people into purchasing antivirus software and software to prevent such an attack. Another way to scare people into purchasing a legit copy of windows to run security patches. Corporate bullsh*t."
What are you guys smoking?
As someone who has literally had to break computer viruses, and has written a couple minor ones back in the day, (and one that actually would not be so minor) it shows severe ignorance as to how they, and the online world work.
Viruses continue to show up every day for the same reason as graffiti: people are destructive vandals in every aspect of society. Viruses are also pretty darn easy to write.
We should continue to update windows in order to combat the people being vandals, to add support for new hardware and software, to provide bug fixes… Linux is updated not because it is a corporate scam but because it is volunteers essentially doing the same thing.
Rest assured, the authorities are tracking the virus writers down. In several cases they have been caught. However, it's harder to track down than the author of the chain mail you get in your inbox and the viagra ads, not to mention that as long as you route through a few countries you end the authorities' in questions' jurisdiction, and it could well be the user writing a virus is in Bogota, Kuala Lumpur, or Dallas.
People are evil
Viruses are easy to write.
Products need updating to handle new features and deal with evil people.
questforhonor no., su
ojustblazed – really stfu. if you have not heard about this yet, you clearly have no involvement in I.T.
@17 – ohdear – its propagation methods are beyond the exploit.
I have been removing this since A.. it's so annoying. Easy to clean, but on a large network, it's a nightmare.
@ the bbc – please stop scare mongering.
for anyone actually interested – a nice analysis on the latest variant : http://mtc.sri.com/Conficker/addendumC/
wah – nice, but "Rest assured, the authorities are tracking the virus writers down." – not they aren't
they have no idea what they are doing. 98% luck if they catch someone.
EPIC FAIL
gonna have to do better than that for an april fools joke ha!
@22 odies – "not they aren't
they have no idea what they are doing. 98% luck if they catch someone."
If I remember correctly, one of the more difficult things about Conficker is that it mutates, making it particularly hard to detect and trace back to the source. I guarantee you there is a team of people working to find the person responsible, but that is unfortunately fairly difficult.
There is no better date to release it than april fools day, think about it.
Hi, can you help me? Our network is infected with this malware. It keeps coming back….
thanks in advance!
We enjoy laughing at Conficker and say happy April fool day