As expected, the April 1st activation date for the Conficker worm passed without much noise but, as Microsoft and others are explaining, the botnet associated with the worm is very much alive -- and still potentially dangerous.
"[This threat] should remain a manageable cause for concern and it doesn’t go away after April 1," says Microsoft's Christopher Budd. The malware still lives on millions of Windows machines and could start calling home for instructions at any time.
Now that the crazy hype has died down (hopefully!), it's important for end users to get reliable information on eyeballing the presence of Conficker on a machine and, if it's found, disinfection instructions from a Web site that isn't blocked by the malware.
Because Conficker blocks victims from visiting Web sites for anti-malware vendors, Joe Stewart from SecureWorks has come up with a clever eye-chart (if that gets blocked, try this one) that provides visual confirmation on infections.
If you can see all three images in the top grid below, your computer is NOT infected with Conficker. However, if one of the F-Secure, SecureWorks or Trend Micro logos appears broken, chances are your computer is part of the Conficker botnet. Here's the explanation on how to interpret the chart.
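The logic behind the eye chart, sketched as an added example (this is not SecureWorks' code and was not part of the original article). The control image from a non-security site, the function names and the caller-supplied image URLs are all assumptions made for illustration.

```javascript
// Added example: eye-chart decision logic. No URL here comes from the article;
// the caller supplies the logo URLs and one control URL on a non-security site.

// Pure decision step. `vendor` maps a vendor name to true (image loaded) or
// false (image broken); `controlLoaded` is the result for the control image.
function interpretEyeChart(vendor, controlLoaded) {
  const names = Object.keys(vendor);
  const broken = names.filter((n) => !vendor[n]);
  if (names.length === 0) return { verdict: "inconclusive", broken };
  if (!controlLoaded) {
    // Assumption: if an unrelated site fails too, the cause is the network
    // (offline, proxy, firewall), not selective blocking of security vendors.
    return { verdict: "inconclusive", broken };
  }
  if (broken.length === 0) return { verdict: "not-blocked", broken };
  // At least one security-vendor logo is broken while the control loads.
  return { verdict: "likely-infected", broken };
}

// Browser-only probe: resolves true if the image loads, false on error/timeout.
function probeImage(url, timeoutMs = 8000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    // Cache-buster so a logo cached before infection does not hide blocking.
    img.src = url + (url.includes("?") ? "&" : "?") + "t=" + Date.now();
  });
}

// Probe every vendor logo plus the control, then interpret the results.
async function runEyeChart(vendorUrls, controlUrl) {
  const vendor = {};
  for (const [name, url] of Object.entries(vendorUrls)) {
    vendor[name] = await probeImage(url);
  }
  return interpretEyeChart(vendor, await probeImage(controlUrl));
}
```

A "likely-infected" result only says that security-vendor sites are being selectively blocked, which is the symptom the chart looks for; it still needs to be confirmed with a disinfection tool.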
It's also very tricky to point users to disinfection tools because they are all hosted on Web sites that are blocked. The only one I've seen on an unblocked site is BitDefender's bdtools.net, which offers disinfection tools for single PCs or networks.
If Conficker is not present on your machine, it's important that you apply all Microsoft security updates immediately.
The Conficker Working Group has also provided some excellent maps with a view of the botnet around the world: