Conficker on April 1st: Eve of destruction or big joke?

ISPs ready countermeasures

Will the Conficker worm, expected to activate on April 1, set off viral destruction or be a dud?

Security experts say Conficker.C (also called Downadup) presents a serious threat. Infected machines -- said to number from 3 million to 10 million globally, depending on estimates -- could be activated for data destruction and theft or espionage, spam relays or denial-of-service (DoS) attacks. While a "doomsday scenario" on April 1 seems unlikely, many security professionals regard Conficker.C as the malware fruit of a disciplined criminal operation out to make money off it.

"We need to take it seriously," says Chris Rodriguez, research analyst for network security at consultancy Frost & Sullivan. "The biggest concern is the effectiveness it's had in spreading."

According to Cisco, Conficker.C has infected about 10 million Windows-based computers in 150 countries, with China estimated at 3 million, Brazil at 1 million and Russia at 800,000. These are the top three Conficker infection spots, with some researchers saying the high counts in these regions are due to pirated Microsoft software that doesn't get patched and lack of antivirus software on machines. In the United States, about 200,000 infected computers are suspected.

Symantec, which says it uses a different method for estimates, puts the total Conficker infection count at more like 3 million globally. However you count, an attacker would find it "easy to point all these machines at one target for a denial-of-service attack, or use them for spam or click fraud or cyber-espionage," Rodriguez says. "I'd be surprised if something didn't happen on April 1."

"I wish I could tell you the issue is overblown but that's not the case," says Pat Peterson, Cisco fellow and chief security researcher.

Conficker.C, now under the microscope in labs, reveals "an insane amount of effort in engineering this," Peterson says.

Since it debuted last fall, Conficker hasn't done much besides concentrate on spreading and blocking access to antimalware vendor sites. But Peterson believes Conficker was designed with the intent of making money for the criminals who created it. So DoS attacks, spam, stealing data -- all of those are actions the Conficker botnet might be used for.

But Peterson adds that if Conficker is activated as an aggressive botnet by its masters, there will be some countermeasures from ISPs and others trying to coordinate information and actions, such as severing links to its creators. Peterson's guess is Conficker's creators are likely Russian or Ukrainian.

Peterson says he thinks the April 1 trigger date probably won't be so much about the "mass destruction" and "lighting up the Internet" seen in some worm outbreaks of years past, but more about the commencement of new command-and-control capabilities.


Ellen Messmer

Network World