The first version of the Conficker computer worm was released in late 2008 but experts expect that the infection will spread on April 1st. It is believed that the worm has already infected over 5 million machines. The infected computers act as a carrier for the worm, remaining dormant but capable of reactivation if the original author switches them on. According to the director of CA, a New York threat assessment company, Conflicker carriers will be reactivated on April 1st.

The Conflicker Worm causes many internal computer problems but does not attack data directly. Instead the Worm cancels the auto update functionality of windows and virus scanners and acts as a backdoor access point. Virus and Worm writers have largely moved away from purely destructive code. It is now much more common that Worms are used as backdoors into a system as a data miner or to infect a computer with advertisements. What makes the Conflicker Worm especially dangerous is that is has been created to evolve overtime and the author continues to make improvements to ensure that it survives against deletion.

The easiest way that you can check for possible infection is to check your Windows Auto Updater. If you run a Windows XP system open “My Computer”, click on “Control Panel” and then navigate to “Security Center”. Make sure that you have received Windows updates for the month of March. If you haven’t either contact you IT department and/or make sure that a virus scan is run on your computer as soon as possible.

Without knowing how the Worm will evolve it cannot be known exactly what will happen on April 1st. The best thing you can do is ensure that the Worm is not already on your system and patch your servers to prevent further infection.

– Richard Keene
IT Computer Support of New York
Design and Optimization Department