Conficker an April Fool's joke? Maybe not

Just because the Conficker worm didn't launch an attack on April Fools Day doesn't mean it still isn't a threat. But it did make the world painfully aware of the penalty for not keeping its patches up to date.
Written by Tom Espiner, Contributor
The Conficker worm variant expected to mobilize on April 1 activated as expected, but did not upload any new malware, according to security companies.

The worm, also known as Downadup, has infected between one million and 15 million machines, according to some estimates. The worm shuts down security services, blocks computers from connecting to security websites and downloads a Trojan.

The Conficker C variant was programmed to connect infected machines to 50,000 domains on Wednesday. The worm was then expected to deliver a malware update to the computers. However, the anticipated threat has failed to materialize.

F-Secure security specialist Patrik Runald wrote on the F-Secure blog that while some infected machines had attempted to contact domains specified by the worm, no update had been sent.

"So what's going on? So far — nothing," Runald wrote on Wednesday. "Infected computers are generating the list of 50,000 domains and are attempting to contact 500 of those like we've described earlier, but so far no update has been made available (by the bad guys)."

Paul Ferguson, an advanced threats researcher at Trend Micro, told CNET News on Wednesday that the security company had seen some effect in Asia. "We've seen activity in honeypot machines in Asia... They're generating the 50,000 list of (potential) domains to contact," said Ferguson.

Researcher Holly Stewart, writing on the IBM ISS Frequency X blog, said the 1 April date seemed to have been a joke on the security companies.

"April Fool's does certainly seem to have been a joke on us," wrote Stewart. "We knew it might happen... but we had to be on alert anyway. Hey, that's why we're here, right? I guess the point is that even though nothing happened today, I think, at least, that something is going to happen eventually."

Stewart warned of the potential for the infected machines to be made into a network of compromised machines, or botnet, as a money-making venture. Botnets can be used for purposes such as sending spam, and performing denial-of-service and brute-force attacks.

"It's obvious that the development of Conficker has cost someone a lot of money," wrote Stewart. "The advanced technology and sophisticated obfuscation that we've witnessed is fairly unprecedented. It would really, really surprise me if no one decides to cash in on that hefty investment."

This article was originally posted on ZDNetUK.

Editorial standards