Issue date: 4/1/09 Section: News

Media Credit: Tiffany Tran [Click to enlarge]

Conficker C, a worm that is thought to have infected between 5 million and 10 million computers already, is set to activate April 1. But no one is quite sure what it will do.

"Right now it's not destroying or stealing - it's just hanging out," Tom Cross, X-Force researcher in the IBM ISS division, told NetworkWorld, a technology news Web site.

The program could have a multitude of negative effects, including deleting files from computers, shutting down Web sites and monitoring keyboard strokes to obtain private information, CNN reported. The worm, according to the Seattle Post, is also able to deactivate security software and prevent access to security Web sites.

But just because it has these capabilities does not mean it will capitalize on them.

Don DeBolt, director of threat research for CA, an IT and software company, told CNN that the virus is more likely to get users to buy fake software or spend money on phony products.

Don Jackson, director of threat intelligence in the counter threat unit of SecureWorks, told NetworkWorld: "It has the potential to infect about 30 percent of Windows systems online, a potential 300 to 350 million PCs."

The origin and author of the virus is unknown, as is the extent of damage the worm could do. "It is very much a cat and mouse game," DeBolt said.

The virus spreads by using Windows AutoRun program.

"If it copies itself to a file share, and if the user clicks on a file, the user's computer will get infected," Cross said. "Even if the computer is patched, you can still get infected if you access one of the infected USB drives or file shares."

Microsoft is offering a $250,000 reward for information leading to the arrest and conviction of the author of the code. A group of anti-worm researchers have also formed a group called Conficker Cabal in an effort to find the author and perform damage control.

Computer users are not without tools to defend themselves, experts say. Users should ensure their machines are fully patched and update antivirus software. They should also update their computers with Microsoft Update. As a precaution, it is recommended that users back up computers to an external hard drive.

Indicators that a computer is already infected include not receiving automatic updates from Windows in the past month. Also, if a computer is unable to visit McAfee.com, Microsoft.com or other security Web sites, it is likely infected.

Macintosh users are in luck - Apple machines and software are immune to the worm.

"Any technology can be used for good or evil," Ronald Rivest, a computer science professor at Massachusetts Institute of Technology, told CNN, "and this is just an example of that."

If your computer is infected
Microsoft has issued instructions on what to do once a machine is infected. These can be found at
http://support.microsoft.com/kb/962007.

Page 1 of 1

Article Tools