Conficker on April 1st: Eve of destruction or big joke?

ISPs ready countermeasures

Will the Conficker worm, expected to activate on April 1, set off viral destruction or be a dud?

Security experts say Conficker.C (also called Downadup) presents a serious threat. Infected machines -- said to number from 3 million to 10 million globally, depending on estimates -- could be activated for data destruction and theft or espionage, spam relays or denial-of-service (DoS) attacks. While a "doomsday scenario" on April 1 seems unlikely, many security professionals regard Conficker.C as the malware fruit of a disciplined criminal operation out to make money off it.

"We need to take it seriously," says Chris Rodriguez, research analyst for network security at consultancy Frost & Sullivan. "The biggest concern is the effectiveness it's had in spreading."

According to Cisco, Conficker.C has infected about 10 million Windows-based computers in 150 countries, with China estimated at 3 million, Brazil at 1 million and Russia at 800,000. These are the top three Conficker infection spots, with some researchers saying the high counts in these regions are due to pirated Microsoft software that doesn't get patched and lack of antivirus software on machines. In the United States, about 200,000 infected computers are suspected.

Symantec, which says it uses a different method for estimates, puts the total Conficker infection count at more like 3 million globally. However you count, an attacker would find it "easy to point all these machines at one target for a denial-of-service attack, or use them for spam or click fraud or cyber-espionage," Rodriguez says. "I'd be surprised if something didn't happen on April 1."

"I wish I could tell you the issue is overblown but that's not the case," says Pat Peterson, Cisco fellow and chief security researcher.

Conficker.C, now under the microscope in labs, reveals "an insane amount of effort in engineering this," Peterson says.

Because Conficker debuted last fall, it hasn't done much besides concentrate on spreading and blocking access to antimalware vendor sites. But Peterson believes Conficker was designed with the intent of making money for the criminals who created it. So DoS attacks, spam, stealing data -- all of those are actions are the Conficker botnet might be used to do.

But Peterson adds that if Conficker is activated as an aggressive botnet by its masters, there will be some countermeasures from ISPs and others trying to coordinate information and actions, such as severing links to its creators.  Peterson's guess is Conficker's creators are likely Russian or Ukrainian.

Peterson says he thinks the April 1 trigger date probably won't be so much about "mass destruction" and "lighting up the Internet" that was seen by some worm out-breaks of years past, but more about the commencement of new command-and-control capabilities.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityconficker

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?