Conficker is a malicious worm that has so far infected 9 million Windows-based PCs since it was first detected in October 2000.
The results so far recall the Y2K crisis: Lots of worry, but not much impact.
Conficker is expected to hit the United States today, April 1. But it is already a day ahead across the international date line, where Conficker is waking up and making its way westward through Asia and Europe.
So far, however, Conficker has lain low. “We’ve seen some host resolution in our honeypot systems, they’re doing that,” Ferguson said. “But aside from doing the expected DNS resolution, we haven’t really seen anything else.”
A spokesman from Symantec also said that the company’s researchers haven’t noted any malicious activity. “Most regions have already woken up to April 1 and Symantec Security Response experts have not detected any additional activities but are continuing to monitor for any new activities and will provide updates as they become available,” he said in an update Tuesday night. “Keep in mind that these systems could be updated on any date after April 1.”
According to security researchers, Conficker is scheduled to check the local time about once every 24 hours to determine whether it is April 1 or later. Once it is, the worm begins to generate a list of 50,000 domains, of which it checks about 500 or so for what researchers assume to be a digitally signed payload. What that payload is, or what it will order the Conficker machines to do, is unknown.
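As an added example (not from the article or from any vendor's tool): a defender who holds the day's domain list can match it against DNS resolver logs and flag hosts that resolve many of those names. The list generator below is a constructed stand-in, not Conficker's algorithm, and the log format, IP addresses, sample date and 20-hit threshold are assumptions.

```python
from collections import defaultdict
from datetime import date
import random

LIST_SIZE = 50_000     # domains generated per day (figure from the article)
CHECKED_PER_DAY = 500  # roughly how many an infected host tries (from the article)

def candidate_domains(day):
    """Constructed stand-in for a published daily list; NOT Conficker's algorithm."""
    return [f"d{day:%Y%m%d}-{i:05d}.example" for i in range(LIST_SIZE)]

def flag_hosts(dns_log, watchlists, min_distinct=20):
    """Return {(day, client): distinct_hits} for clients that resolved at least
    min_distinct names from that day's list. One stray hit is not evidence,
    since a generated name can coincide with a domain someone really uses."""
    hits = defaultdict(set)
    for day, client, qname in dns_log:
        name = qname.rstrip(".").lower()   # normalise case and trailing root dot
        if name in watchlists.get(day, ()):
            hits[(day, client)].add(name)
    return {k: len(v) for k, v in hits.items() if len(v) >= min_distinct}

def constructed_log(day):
    """Constructed sample resolver log: (date, client IP, queried name)."""
    rng = random.Random(1)                 # fixed seed, reproducible sample
    names = candidate_domains(day)
    log = [(day, "10.0.0.23", n.upper() + ".")
           for n in rng.sample(names, CHECKED_PER_DAY)]
    # A clean host: normal browsing plus one coincidental match.
    log += [(day, "10.0.0.7", "www.example.org"), (day, "10.0.0.7", names[0])]
    return log

if __name__ == "__main__":
    day = date(2009, 4, 1)                 # constructed sample date
    watch = {day: set(candidate_domains(day))}
    for (d, client), n in flag_hosts(constructed_log(day), watch).items():
        print(f"{d} {client}: {n} distinct list domains resolved")
```

Keying the hits by date matters because a name from another day's list says nothing about today's activity.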
But really, there’s no reason that anyone’s computer should still be infected, given the variety of Conficker detection and removal tools out there. Even the Department of Homeland Security is getting into the act and offering Conficker mitigation software for government agencies and enterprises.