Conficker C Worm to Activate on April Fool’s Day

The Conficker C worm is no joke.

As we have discussed here before, the April 1 virus (really it's a worm) is spreading fast - it's already infected between 5 million and 10 million computers. 

Microsoft is even offering a $250,000 reward to anyone who can stop it.

Now, a group of anti-worm researchers have teamed up to form a group they call the Conficker Cabal. The group is attempting to hunt down the malicious program's creator and looking for ways to do damage control.

"We love catching bad guys," said Alvin Estevez, CEO of Enigma Software Group, one of the many organizations trying to stop the April 1 virus. "We're hackers who like to catch other hackers. To us, we get almost a feather in our cap to be able to knock out that worm. We slap each other five when we're killing those infections."

So far, the infection hasn't done too much damage, but all of that could change on April 1st.  On April Fool's Day, a master computer is expected to take over the infected machines, said Don DeBolt, director of threat research for CA, a New York IT company.

No one seems to know exactly what to expect once the Conflicker worm is activated.  The infected computers could be used to attack other websites, all of their files could be deleted, or perhaps something even more sinister.

What's more likely, though, said DeBolt, is that the Conflicker C worm may try to get users to buy fake software or other fake products.

Many experts say that hackers are now trying to make money off their viral programs through sneaky affiliate marketing or pay-per-install tactics.

DeBolt said that Conficker C implants itself deep in your computer's memory where it is very hard to find.  The program then stops Windows from running  automatic updates that could stop the worm's progress. What's even worse is that the Conficker C worm's code has been written to "evolve" over time.

Its creators are making regular updates to it to hold off the Conficker Cabal's attempts to shut it down.

Conficker C Prevention

If you haven't gotten a Windows update in a while, head to http://safety.live.com and get the latest one.

The first version of the worm, Conficker A, started spreading in late 2008. That version used 250 Web addresses, which were autogenerated on a daily basis by the worm, as the main communication lines between the master computer and its drones.

The goal of the first version of Conflicker was to sell fake antivirus software. Experts were able to contain that strain by deactivating or buying the fake URLs. That probably won't work with the April 1 virus.  This strain will auto-create 50,000 URLs daily instead of a mere 250 when it activates itself.

We highly recommend that you visit the Amazon Security Solutions page now.  There you can compare Norton, McAfee, BitDefender and even Kaspersky Anti-Virus.  If you are concerned about malware on your computer, Amazon Security Solutions is the only page you need to bookmark.

Related articles by Zemanta

• New Conficker worm set to attack on April 1 despite bounty (cbc.ca)
• Microsoft virus becomes an epidemic (timesonline.typepad.com)
• Windows worm could be used by hackers to steal credit card details warn experts (telegraph.co.uk)
• Microsoft bounty for worm creator (news.bbc.co.uk)
• Worm Infects Millions of Computers Worldwide (nytimes.com)
• The April Fools Joke That Keeps On Giving (techcrunch.com)
• Virus Grounds French Fighters (loosewireblog.com)
• Microsoft Security Advisory 961051 Updated (blogs.technet.com)

It's nice to see you again! Thanks for reading Blippitt. What do you think of this story? Be sure to leave a comment below.

Technorati Tags: Conficker, Conficker C, Conficker Virus, Kaspersky Anti Virus, Microsoft, Microsoft Windows, Security, Windows Update

Related Stories on Blippitt:

• Downadup Virus (AKA Conflicker): 9 Million Windows Computers Already Compromised
• Conficker or Conflicker? Attack Could Be Coming Either Way