Not since the Y2K scare has there been so much discussion of an Internet "bug" threat - we're all concerned that the Conficker virus may deliver the dire consequences predicted by some of the more pessimistic prophets of Internet doom. On the eve of the trigger date for Conficker, the UK newspaper The Guardian published a story postulating that Conficker could be the biggest April Fool's joke ever played on the internet... or it could be one of the worst days ever for computers connected to the Web.
Apparently even security experts can't work out whether the Conficker virus – which has infected more than 10 million Windows PCs worldwide – will wreak havoc tomorrow, or just let the day pass quietly.
With a trigger date of midnight (time zone not specified) on 1 April, the Conficker program will start scanning thousands of websites for a new set of instructions telling it what to do next, the newspaper reports. Ten million machines believed to be infected by the virus could comprise one of the biggest networks of "robot" computers in internet history. And if they were all given a DDoS target, such as simultaneously sending search queries to Google or trying to connect to a gambling site, it could create major problems through the sheer volume of connections.
The Guardian reports that from midnight on Wednesday infected PCs will seek new instructions from a randomly generated list of thousands of websites that changes every day. Just one needs to be under the virus writers' control to turn Conficker into a newly configured botnet – making the task of catching the exact site a search for a needle in a computing haystack.
Security experts interviewed by the newspaper admitted they did not know what would happen on the triggering date and time. One specialist opined that the April Fool's Day deadline could be an attempt to misdirect the attention of security professionals and computer users – or that the activation date could even indicate a prank.
Some believe that Conficker may not activate immediately, instead lying in wait for further orders in order to avoid detection.
"There is no reason to believe that there will be any instructions for Conficker to receive on 1 April," the expert said. "They could just as easily be delivered on 2 April, 4 April, 25 May or never."
Philip Porras of SRI International told The Guardian: "At its core, the main purpose of Conficker is to provide the authors with a secure binary updating service that effectively allows them instant control of millions of PCs worldwide."
Vincent Weafer, vice-president of Symantec, said: "Most malware these days is designed to be used for some type of criminal monetary gain, and conducting such criminal acts typically requires stealth measures to be successful. This makes the odds that a major event will take place on 1 April even less likely, since there is so much attention being paid to that day."
Conficker – also known among security experts as "Downadup" – was first discovered in November last year, being sold as part of a "kit" by a Chinese hacker. Since then, two variants have been spotted as the virus has gone on to infect more than 10 million PCs.
Despite the worm being tracked for several months, the truth about Conficker's motivations and origins remains clouded.
The identity of its creator remains unknown, despite Microsoft offering a bounty of a quarter of a million dollars for the information. Usual methods of unpacking the virus code to examine its workings have been thwarted because the authors have encrypted it, using algorithms that render it almost uncrackable.
In the meantime, Conficker has gone on to become one of the most widespread internet worms in recent years.
Even Britain's political centre - the House of Commons - has been infected. Last week a leaked memo revealed that the Commons computer system had the virus, leading to concerns that confidential or highly sensitive material could be stolen when the virus next updates.
In the document, Joan Miller, the director of parliamentary computer services, said that her team were "continuing to work with our third party partners to manage its removal and we need to act swiftly to clean computers that are infected".
The Guardian passes on some expert advice to Windows PC users: keep your anti-virus software up to date and watch for news about the worm.
One expert at the IT security firm Sophos reported some positive news, saying that many businesses appear to have Conficker under control. "They've applied patches and updated their anti-virus software to stem the spread of the worm. Some firms struggled to clean it up quickly – but most have now used some of the free Conficker removal tools available for download from security vendors," he said.