Conficker stays silent on April Fools Day
As expected, the C variant of the Conficker worm has begun to contact numerous websites in order to download updates or receive commands. As expected, apart from some more Internet traffic, nothing has apparently happened. F-Secure's blog noted the activation occurring, but has not seen any of the sites being polled offering up any updates.
Whether the worm has had an opportunity to contact its generated list of sites to call or if it has been blocked by the Conficker Working Group (CWG) is still unclear; The CWG have released no information. It is possible that Conficker.C is using the peer-to-peer functions built into it to contact other infected machines and download updates. But according to McAfee, this isn't happening on a large scale either.
The proportion of Conficker.C, as measured by the over all distribution of Conficker, is relatively low. An update of the B variant, the C variant emerged as the Conficker Working Group began to block attempts by Conficker.B to contact update sites.
There is no reason for complacency though. The current and earlier versions of Conficker will continue beyond April 1st to attempt to contact sites and update their code or commands. The worm authors still have opportunities to update the worm, and with the eyes of the world on Conficker on April 1st, they may have decided to choose another day.
Administrators should use the available time to download and use tools that detect and eliminate Conficker. Even with prompt action, there will, for months, still be several million Windows PCs infected with Conficker, with the majority of infections being found on business networks.
See also:
- Conficker demystified, a report from The H.
- Conficker worm reloads - maybe, a report from The H.
- German researchers develop network scan for Conficker worm, a report from The H.
- Conficker infects UK parliament, a report from The H.
- Conficker to disrupt legitimate domains in March, a report from The H.
- Conficker becomes a more flexible worm, a report from The H.
- Microsoft, ICANN and others, move to block Conficker, a report from The H.
- F-Secure now claims nine million Conficker infections, a report from The H.
- Report: 2.5 million PCs infected with Conficker worm, a report from The H.
- Conficker in Carinthia: first the state government, now the hospitals, a report from The H.
- Windows worm infection accelerates, a report from The H.
(djwm)