In association with heise online

01 April 2009, 15:40

Conficker stays silent on April Fools Day

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

As expected, the C variant of the Conficker worm has begun to contact numerous websites in order to download updates or receive commands. As expected, apart from some more Internet traffic, nothing has apparently happened. F-Secure's blog noted the activation occurring, but has not seen any of the sites being polled offering up any updates.

Whether the worm has had an opportunity to contact its generated list of sites to call or if it has been blocked by the Conficker Working Group (CWG) is still unclear; The CWG have released no information. It is possible that Conficker.C is using the peer-to-peer functions built into it to contact other infected machines and download updates. But according to McAfee, this isn't happening on a large scale either.

The proportion of Conficker.C, as measured by the over all distribution of Conficker, is relatively low. An update of the B variant, the C variant emerged as the Conficker Working Group began to block attempts by Conficker.B to contact update sites.

There is no reason for complacency though. The current and earlier versions of Conficker will continue beyond April 1st to attempt to contact sites and update their code or commands. The worm authors still have opportunities to update the worm, and with the eyes of the world on Conficker on April 1st, they may have decided to choose another day.

Administrators should use the available time to download and use tools that detect and eliminate Conficker. Even with prompt action, there will, for months, still be several million Windows PCs infected with Conficker, with the majority of infections being found on business networks.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit