Cornficker Bites

You didn’t listen: Conficker worm now infects 7 million computers – one year later

by JG Mason on Nov 2, 2009 at 03:16 PM

Back in November 2008, security experts became aware of Conficker, a worm that adds as many computers to its botnet as possible. Then in April of 2009 fear spread that April Fools Day, 4/1/09 would be dooms day, but it never came.  Instead, the worm has built a ring of 7 million machines around the world that only wait instructions on what to do next.  The only thing is, those instructions haven’t come.

Although Conficker is probably the computer worm most known about, PCs continue to get infected by it, said Andre DiMino, co-founder of The Shadowserver Foundation. “The trend is definitely increasing and breaking 7 million is pretty much of a landmark event,” he said.

But why no instructions?

Researchers have a couple of theories.  One is who ever built this thing is scared to do anything with it.  The clever code is adept at re-infecting systems even after it was removed.  Companies have spent time and money dealing with this potential threat and if caught the developer could be looking at a lot of time with the boys in blue.

The fear is with a botnet of 7 million and growing, the army could weaponize and have affect on a great many of us.  To be clear, it doesn’t seem this is the case today, but it is always a possibility.  The most common symptom of Conficker is a machine that cannot be logged onto.  The worm will attempt to gain access to other machines on the network by guessing passwords and in doing so will get locked out.

Do you have it?  Get tested

A simple test, called an Eye Chart is found at the Conficker Working Group that was set up to deal and track these issues.  It is a simple load and see if your machine loads images.  If so, you are clean if not, you can find which variant of the the worm you’ve got and how to expel it.


Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>