We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

Uncertainty over April 1 Conficker meltdown

Researchers deny worm will devastate the web

Worries that the notorious Conficker worm will somehow rise up and devastate the internet on April 1 are misplaced, security experts said on Friday.

Conficker is thought to have infected more than 10 million PCs worldwide, and researchers estimate that several million of these machines remain infected. If the criminals who created the network wanted to, they could use this network to launch a very powerful distributed denial of service (DDOS) attack against other computers on the internet.

April 1 is the day that the worm is set to change the way it updates itself, moving to a system that is much harder to combat, but most security experts say that this will have little effect on most computer users' lives.

Nevertheless, many people are worried, according to Richard Howard, director of iDefense Security Intelligence. "We have been walking customers down from the ledge all day," he said. Often, the problem has been that company executives have read reports of some April 1st incident and then proceed to "get their IT and security staffs spun up, Howard said.

April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. The worm has already had several such trigger dates, including January 1, none of which had any direct impact on IT operations, according to Phil Porras, a program director with SRI International who has studied the worm.

"Technically, we will see a new capability, but it complements a capability that already exists," Porras said. Conficker is currently capable of using peer-to-peer file sharing to download updates, he added.

The worm, which has been spreading since October of last year, uses a special algorithm to determine what internet domains it will use to download instructions.

Security researchers had tried to clamp down on Conficker by blocking criminals from accessing the 250 internet domains that Conficker was using each day to look for instructions, but starting April 1, the algorithm will generate 50,000 random domains per day - far too many for researchers to connect with.

Gradually, the Conficker network will get updated, but this will take time, and nothing dramatic is expected to happen on April 1, according to Porras, Howard, and researchers at Secureworks and Panda Security.

"There is no clear evidence that the Conficker botnet will do anything dramatic," said Andre DiMino, cofounder of The Shadowserver Foundation, a volunteer security group. "It will change its domain usage to the larger pool and may attempt to drop another variant, but so far, that's about it."

"Regular users just need to be sure they are patched and be extra diligent about possible new methods of infection."


IDG UK Sites

The 30 best TV shows on Netflix UK: Our pick of the best programmes you can watch right now

IDG UK Sites

Nostalgia time: Top 10 best selling mobile phones in history

IDG UK Sites

VFX Emmy: Game of Thrones work garners gong for Rodeo FX

IDG UK Sites

Apple 13-inch MacBook Pro with Retina review (2.6GHz, 128GB, mid-2014)