THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING

Conficker deadline slips by to no effect

Associated Press / April 2, 2009
  • Email|
  • Print|
  • Single Page|
  • |
Text size +

SAN FRANCISCO - The Conficker Internet worm's feared April Fools' Day throwdown for control of millions of infected PCs stirred lots of panic but came and went with a whimper.

Security experts say some Conficker-infected computers - those poisoned with the latest version of the worm - started "phoning home" for instructions more aggressively yesterday, trying 50,000 Internet addresses instead of 250. However, security companies monitoring the worm remained successful at blocking the communications.

"We didn't see anything that wasn't expected," said Paul Ferguson, a security researcher at antivirus software maker Trend Micro Inc.

The worm can take control of PCs running Microsoft's Windows operating system. Tied together into a "botnet," these PCs can be directed to send spam, carry out identity-theft scams, and bring down websites by flooding them with traffic.

That's why the April 1 change in Conficker's programming was a small twist - and not the end of the story. The network of Conficker-infected machines could still spring to life.

One scary element is that Conficker's authors have given the infected PCs peer-to-peer abilities, which allows them to update each other and share malicious commands through encrypted channels. That ability means the computers don't have to contact a website at all, and the communications are protected.

And the criminals behind Conficker are likely taking their time. "The people who are pulling the strings on this are very slow and determined and measured in making modifications to this botnet," Ferguson said. "Basically, they're building a layer of survivability."

Conficker spreads without human involvement, moving from PC to PC by exploiting a security hole in the Windows operating system. In October, Microsoft issued a software update, called a "patch," to protect PCs, but not everyone applied the patch.

In one telltale sign of an infected machine, Conficker blocks Microsoft's site as well as those of most antivirus companies. Computer owners can work around that obstacle by having someone else e-mail them a Conficker removal tool.

Security researchers don't have a firm estimate of the number of Conficker-infected machines. There appear to be at least 3 million infected PCs, and possibly as many as 12 million.