|Conficker Worm to Erupt April 1||03.28.09|
Infected Windows machines are expected to begin a campaign of "zombie attacks," coming to life to steal passwords, send spam, spread the worm and clog networksNews.Sky.com
A fast-moving computer "super worm" that has infected over three million PCs is set to morph into a more aggressive form on April Fools' Day, experts have warned.
The Conficker worm, which has spread across the internet at great speed, can be triggered to steal data or give control of infected PCs to hackers.
A fast-moving computer "super worm" that has infected over three million PCs (not Apple Macintoshes unless running Windows via Bootcamp or Parallels)is set to morph into a more aggressive form on April Fools' Day, experts have warned.
The Conficker worm, which has spread across the internet at great speed, can be triggered to steal data or give control of infected computers to hackers.
But up to now, the worm's authors have had their ability to control infected machines heavily limited by a coalition of web security firms.
The firms have been able to work with domain name registrars, which administer web site addresses, to block attempts from infected machines to get instructions from the worm's authors.
But those efforts are set to get much harder. On April 1, many Conficker-infected machines will generate a list of 50,000 new domains a day that they could try.
Researchers already know which domains the infected machines will check, but pre-emptively registering them all, or persuading the registrars to neutralise all of them, is a big hurdle.
If they can be controlled, the infected machines are expected to begin a campaign of "zombie attacks", coming to life to steal passwords, send spam, spread the worm and clog networks.
Technically, this could cause major network outages or even a "cyberweapon of mass destruction" which could then attack government computers.
But researchers who have been tracking Conficker say the date will probably come and go quietly.
Richard Wang, research manager at Sophos plc said: "It doesn't make sense for the guys behind Conficker to cause a major network problem, because if they're breaking parts of the Internet they can't make any money."
Control of infected PCs is valuable to criminal networks, as the machines can be rented out and used for various illicit means.
Jose Nazario, manager of security research for Arbor Networks, said: "We expect something will happen, but we don't quite know what it will look like.
"With every move that they make, there's the potential to identify who they are, where they're located and what we can do about them," he added.
Microsoft has placed a bounty of $250,000 on those responsible for creating the worm.
A coalition of online security firms have joined their offensive against the worm, including Symantec, F-Secure, VeriSign, Afilias, Internet Systems Consortium (ISC), and the Shadowserver Foundation.
:: Advice on defending against Conficker is available online at microsoft.com/conficker.
Consensus: Quit your web browsers when not in use, every time, all the time. Turn off your computer when not in use, every time, all the time, especially on and around Wednesday April 1, 2009. Just in case. In general: be very conservative and cautious in surfing the web, even in social network sites. If Google warns you that entering a given website may damage your computer, DO NOT visit that site.
Return to 5W