April Fool’s Infection – Conficker C

One of the most sophisticated and dangerous malware applications in the history of computers is set to unleash its fury on April 1, 2009. Conficker C is nasty enough to warrant a $250,000 bounty from Microsoft for any information leading to the identification and prosecution of the worm’s authors.

From the limited research I’ve been able to do, it appears that, on April 1, any computer infected with Conficker C will automatically and immediately come under the control of the worm’s controllers. Little is known as yet about what those individuals intend to do with that control, but the possibilities are nearly endless. The implications could range from simply popping up annoying adware windows to reading your entire computer history (passwords, bank information, etc.) to completely wiping your hard drive.

In my research, I did find that this worm presents itself as a dynamic link library (DLL), which is strictly a Windows entity. Therefore, at this time, the worm is not a threat to Linux or Macintosh computers.

I have not been able to determine yet whether this virus will only affect computers on April 1, or if it will automatically initiate any time the computer is booted into Windows on or after April 1. In other words, are we safe if we simply avoid logging into Windows on that day, or will we get hit the next time we start our computer?

There is, apparently, a “security scan” available on Microsoft’s Web site (it supposedly works only with IE). However, the articles I’ve read seem to indicate that professionals still know very little about the worm and how it works. At this time, there is still not a “cure” for it. Therefore, I am curious just what the safety scan will do.

You can read more about the worm in the following articles. The first is a news story, so it’s written basically in layman’s terms. The second is an entry from the Wall Street Journal’s LiveMint blog. The third is a technical analysis of the information currently known about the worm, so it is a great deal more difficult to decipher.

One Response

  • Great write-up. I fear that with the April Fools’ Day target date, many people will consider this a hoax. Truth be known that Conficker is a growing trojan that began with Conficker-A and has now evolved to Conficker-C. Microsoft reported that they first discovered the trojan in November 2008. For all Windows-based PCs, make sure you run a full Windows update; combined with a leading anti-virus, you should be well protected. http://confickerinfo.com