Doing the worm: Tweak in 'Conficker' sparks fears
By JORDAN ROBERTSON, AP Technology Writer - Tue Mar 31, 2009 7:28PM EDT
SAN FRANCISCO - Even if it's not an April Fools' joke, the latest moves by the dreaded Conficker worm are by no means an Internet Armageddon, either. The worm's alarming outbreak entered a new phase Wednesday as clocks around the world ticked into the first day of April, the day it was scheduled to change programming.
But security experts appeared correct in their predictions that the day was likely to come and go without any major disruptions, even though the worm has infected anywhere from 3 million to 12 million PCs running Microsoft Corp.'s Windows operating system.
Computer infections now are all about making money by stealing people's personal information. And Conficker's authors stand to make more money from renting out parts of their huge "botnet" to spammers or identity thieves than by destroying parts of the Internet.
"These guys have been pretty smart until now — the worm is unfortunately very well done," said Patrik Runald, chief security advisor for F-Secure Corp. "So far they haven't been stupid. So why should they start on April 1?"
But panic over the worm had reached a frenzy.
Lori Lynn Pavlovich, a mother of four from Racine, Wis., unplugged her PC and vowed to stay offline for a week after seeing a local TV news report about the worm.
"I get scared real easy when it comes to stuff like that," she said. Pavlovich, who says she keeps her antivirus software and security patches up to date, got back online 24 hours later after a relative assured her that her system was safe.
In the last six months, the worm has also caused sleepless nights for the technicians who maintain corporate and governmental computer systems. European media reported that the French military grounded some of its fighter planes after the Navy's network was infected over the winter.
Companies were on high alert to any change in Conficker's behavior that could affect their systems. But a lot of the heavy lifting for big corporations has already been done. Most large organizations hurried to fix the vulnerability that Conficker exploits long ago — Microsoft released a software "patch" for it in October. Many smaller businesses and consumers started worrying about the problem later, making them more vulnerable to infection.
"Consumers are very, very, very aware of this — more so than I've seen in years," said Alfred Huger, vice president of Symantec Security Response. "Enterprises are certainly aware of this, and they're treating this seriously, but no more so than other threats they're faced with."
Detecting a Conficker infection is actually very easy. One of the telltale signs is if you're able to navigate the Internet freely but can't access Microsoft's site or the sites for the major antivirus software vendors. Conficker's authors included that feature to prevent infected machines from downloading programs that remove the worm.
That makes it harder to get the Conficker removal programs, but not impossible. Security experts recommend that people with infected machines find a friend whose machine isn't infected, and have that person download the removal tool and e-mail it to them.
Microsoft has offered a $250,000 bounty for information leading to the arrest and conviction of the people responsible for Conficker.