
Conficker Worm (image courtesy of Wikipedia)
Rumors are spreading that a new version of the Conficker worm will cause widespread havoc again on April 1, its anniversary date. Media reports claim that Conficker could be activated on that day, giving a hacker access to millions of computers affected by the worm. Others reported that the French military has grounded a few of its fighter planes due to the threat.
While the media are concocting doomsday scenarios, worm and virus experts are shrugging off the threats. Anti-virus company F-Secure has already said that there is no likelihood of a widespread, global attack. Only machines that are still infected by the Conficker worm will be affected, if such an event should happen.
Frankly, I tinkered with the code but I do not see anything in its programming that sets it to run on April 1. Therefore, a Conficker attack is as likely to happen on my birthday six months from now or on Christmas as on April 1. The closest is that it will probably start sending out queries to Web servers to begin infecting new machines.
However, Conficker is a very powerful worm. Even if anti-virus experts pooh-pooh the whole thing, it would be wise for you to take action. In January this year (although Conficker has been traced back as early as November 2008), it was released on the Internet and subsequently infected millions of computers worldwide in just four days. The whole time, the infections went undetected by most users, which helped it spread unhampered. Further, the worm already has a lot of variants running around the Net.
So how do you determine if you have been infected by the worm?
Conficker exploits a vulnerability in Microsoft (what is surprising here?) and installs some sort of security software on the infected machines. The Microsoft Web site says that common symptoms include tripping of account lockout policies, slow response to client requests to domain controllers, a congested network, and inability to access security-related Web sites. You might also have been infected if your automatic updates, Error Reporting services and Windows Defender have been disabled.
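A quick way to check a Windows machine for the service and name-lookup symptoms listed above, as an added example that is not from the original post or from Microsoft. The service short names and host names are assumptions about which services and sites the post means; a hit is a symptom to investigate, not proof of infection.

```powershell
# Added example (not from the original post): symptom check only, not a removal tool.
# Assumed mapping of the services the post names to Windows service short names.
$Services = [ordered]@{
    wuauserv  = 'Automatic Updates'
    ERSvc     = 'Error Reporting (Windows XP / Server 2003)'
    WerSvc    = 'Error Reporting (Vista and later)'
    WinDefend = 'Windows Defender'
}
# Assumed sample hosts: two vendors the post names, plus a neutral control.
$SecurityHosts = 'www.microsoft.com', 'www.f-secure.com'
$ControlHost   = 'www.example.com'

function Get-ServiceSymptom {
    param([System.Collections.IDictionary]$Names)
    foreach ($name in $Names.Keys) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if ($svc) {
            [pscustomobject]@{
                Check      = $Names[$name]
                Result     = "StartMode=$($svc.StartMode), State=$($svc.State)"
                Suspicious = ($svc.StartMode -eq 'Disabled')
            }
        }   # a service that does not exist on this Windows version is skipped
    }
}

function Test-Lookup {
    param([string]$HostName)
    try   { [System.Net.Dns]::GetHostAddresses($HostName).Count -gt 0 }
    catch { $false }
}

function Get-LookupSymptom {
    param([string[]]$HostNames, [string]$Control)
    # If the control host fails too, DNS is simply down and nothing is concluded.
    $dnsWorks = Test-Lookup $Control
    foreach ($h in $HostNames) {
        $ok = Test-Lookup $h
        [pscustomobject]@{
            Check      = "Name lookup: $h"
            Result     = if ($ok) { 'resolved' } elseif ($dnsWorks) { 'blocked?' } else { 'DNS unavailable' }
            Suspicious = ($dnsWorks -and -not $ok)
        }
    }
}

@(Get-ServiceSymptom $Services) + @(Get-LookupSymptom $SecurityHosts $ControlHost) |
    Format-Table -AutoSize
```

A disabled service can also be an administrator's choice or the result of installing another security product, so compare the output against a known-clean machine built the same way.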
To be sure, download the latest removal tools from your favorite anti-virus sites. F-Secure has one. You can also download the patch provided by Microsoft at their Web site. This patch addresses the vulnerability and ensures that no further infections happen.
Microsoft also has a procedure to stop the worm from spreading, but not remove it (again, nothing surprising here).
It’s been two days since the Conficker scare and thankfully it looks like most people have emerged unscathed (myself included).