Conficker has Activated; No Consequences YetCategory: Bugs / Virus
Posted: April 1, 2009 09:53AM
The newest worm, Conficker, that everyone has been worried about for the past few months has activated today as planned. The latest estimates suggest that the worm has infected between 10 and 15 million machines, creating the largest botnet ever seen. Previously, the infected computers have been contacting approximately 250 domains to check for and download updates. The activation is based on the infected machine's local time, so not all infected machines have activated yet. For those that have activated, they generate a list of 50,000 domains and poll 500 of those generated to try to connect with command-and-control servers. Although many of the infected machines have started this process, nothing of importance has happened yet. McAffee Avert Labs has noticed the worm polling, but has not seen any detrimental effects from it yet. It is possible that the developers are waiting for the hype to die down before they begin their damage. However, time is not on their side as it is relatively easy to detect and remove the worm. Many precautions are being implemented to prevent Conficker from contacting its command servers. It is unknown whether those efforts will help.
Let's hope that the worm was simply an April Fool's joke and the creators are happy simply having annoyed people and diverted time and money from companie trying to prevent it.