Remember the dire predictions surrounding the ‘millennium bug?’ The doom-and-gloom scenarios bandied about by security analysts on how computers could act when their clocks turned to January 1, 2000?
Well, researchers are hoping that a potential April Fool’s time bomb — the Conficker.c that is supposed to hit computers on April 1 — turns out to be equally unfounded. But realizing that hope alone is not a prudent option, here is a primer on the worm so you can adequately prepare yourself — and your computer. What is Conficker.c and what do analysts fear it may do Conficker.c is a worm, a malicious program thought to have already infected between 5 million and 10 million computers. Those infections haven’t spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines, said Don DeBolt, director of threat research for CA, a New York-based IT and software company. What happens on April Fool’s Day is anyone’s guess. The program could delete all of the files on a person’s computer, use zombie PCs — those controlled by a master — to overwhelm and shut down Web sites or monitor a person’s keyboard strokes to collect private information like passwords or bank account information, experts said. More likely, though, said DeBolt, the virus may try to get computer users to buy fake software or spend money on other phony products. Experts said computer hackers largely have moved away from showboating and causing random trouble. They now usually try to make money off their viral programs. Watch more on the worm » How does the Conficker.c work Conficker.c imbeds itself deep in the computer where it is difficult to track. The program, for instance, stops Windows from conducting automatic updates that could prevent it from causing damage.
Internet crime jumps by a third last year
‘Smart Grid’ may be vulnerable to hackers
China analysts dismiss cyber-espionage claims
The program’s code is also written to evolve over time and its author appears to be making updates to thwart attempts to neuter the worm. Who wrote the program It’s unclear who wrote the program, but anti-work researchers — a group calling itself the Conficker Cabal — are looking for clues. First, they know that some recent programs have come from Eastern European countries outside the jurisdiction of the European Union, said Patrick Morganelli, senior vice president of technology for Enigma Software. Worm program authors often hide in those countries to stay out of sight from law enforcement, he said. In a way, the Conficker Cabal is also looking for the program author’s fingerprints. DeBolt said security researchers are looking through old programs to see if their programming styles are similar to that of Conficker C. The prospects for catching the program’s author are not good, Morganelli said. “Unless they open their mouth, they’ll never be found,” he said. So, the most effective counter-assault simply may be damage control. How can I tell if my computer’s infected One quick way to see if your computer has been infected is to see if you have gotten automatic updates from Windows in March. If so, your computer likely is fine, DeBolt said. Microsoft released a statement saying the company “is actively working with the industry to mitigate the spread of the worm.” Users who haven’t gotten the latest Windows updates should go to http://safety.live.com if they fear they’re infected, the company’s statement says. People who use other antivirus software should check to make sure they’ve received the latest updates, which also could have been disabled by Conficker.c. How did the worm evolve The first version of Conficker — strain A — was released in late 2008. That version used 250 Web addresses — generated daily by the system — as the means of communication between the master computer and its zombies. The end goal of the first line was to sell computer users fake antivirus software, said Morganelli. Computer security experts largely patched that problem by working with the Internet Corporation for Assigned Names and Numbers to disable or buy the problematic URLs, he said. A second variant, Conficker.b, was released in January and infected millions more machines. The Conficker, strain C, will generate 50,000 URLs per day instead of just 250 when it becomes active, DeBolt said. What is being done to fight Conficker
Members are searching for the malicious software program’s author and for ways to do damage control if he or she can’t be stopped. They’re motivated in part by a $250,000 bounty from Microsoft.