Conficker Internet Worm Set For Fresh Wave Of Attacks On April 1 Say Experts

A fast-moving computer “super worm” that has infected over three million computers is set to morph into a more aggressive form on April Fools’ Day, experts have warned.

A bounty has been placed on the super-worm’s authors

The Conficker worm, which has spread across the internet at great speed, can be triggered to steal data or give control of infected computers to hackers.

But up to now, the worm’s authors have had their ability to control infected machines heavily limited by a coalition of web security firms.

The firms have been able to work with domain name registrars, which administer web site addresses, to block attempts from infected machines to get instructions from the worm’s authors.

But those efforts are set to get much harder. On April 1, many Conficker-infected machines will generate a list of 50,000 new domains a day that they could try.

Researchers already know which domains the infected machines will check, but pre-emptively registering them all, or persuading the registrars to neutralise all of them, is a big hurdle.

Passwords are at risk

If they can be controlled, the infected machines are expected to begin a campaign of “zombie attacks”, coming to life to steal passwords, send spam, spread the worm and clog networks.

Technically, this could cause major network outages or even a “cyberweapon of mass destruction” which could then attack government computers.

But researchers who have been tracking Conficker say the date will probably come and go quietly.

Richard Wang, research manager at Sophos plc said: “It doesn’t make sense for the guys behind Conficker to cause a major network problem, because if they’re breaking parts of the Internet they can’t make any money.”

Control of infected PCs is valuable to criminal networks, as the machines can be rented out and used for various illicit means.

Jose Nazario, manager of security research for Arbor Networks, said: “We expect something will happen, but we don’t quite know what it will look like.

“With every move that they make, there’s the potential to identify who they are, where they’re located and what we can do about them,” he added.

Microsoft has placed a bounty of $250,000 (£170,000) on those responsible for creating the worm.

A coalition of online security firms have joined their offensive against the worm, including Symantec, F-Secure, VeriSign, Afilias, Internet Systems Consortium (ISC), and the Shadowserver Foundation.

:: Advice on defending against Conficker is available online at microsoft.com/conficker.

You might also like:

Popularity: 1%