The Conficker computer worm -- even if it does nothing much to the world's computer networks -- seems to have created an international state of anxiety. But some computer scientists say they may have the bug under control.
"We pulled off a bit of a coup," Dan Kaminsky, a computer security specialist for the firm IOActive, wrote in an e-mail to us.
What did they do? Well, Conficker, sophisticated as it may be, is really nothing more than lines of code -- letters and numbers, written by hackers -- which Kaminsky and colleagues have been able to read and probe for mistakes. Over the weekend, they report, they were able to create a detection tool that would show computer network operators if their systems had been infected.
"We saw an opportunity to manage the risks that Conficker introduces in a clean, straightforward manner, with just a little bit of work over a weekend. I'm pretty happy it worked out!" said Kaminsky.
You may recall that computer engineers said Conficker seemed quite sophisticated for a piece of so-called "malware." It is not, strictly speaking, a computer virus; instead, it seems designed to get stealthily into people's machines and take control of them en masse -- though just for what, is unclear.
Once it infects a computer, it contains instructions to contact some faraway command center for further instructions April 1. More than one engineer thought it was possible the whole thing was an elaborate April Fool's joke -- though if so, its creator, or creators, went to an awful lot of trouble for very little.
Kaminsky was among the more sanguine members of the "Conficker Cabal," the loosely knit team working on the problem. (They've since renamed themselves the Conficker Working Group.) He thought it quite possible that on April 1, the world would wake up to -- well, to nothing. People called it the "doomsday virus," but Kaminsky said if all those infected computers did, in fact, receive commands from somewhere, they would not exactly explode all at once.
"I wish I could say I'd learned what it's going to do on April 1," he said. "I haven't. We've definitely learned better strategies for tracking infections of this nature."
The working group says it has found how Conficker gets into Microsoft Windows, releasing what appears to be a software "patch" or update that, at first glance, may appear to be Microsoft's own.
But it's not -- and engineers have now sent out commands that will help system operators tell if they're safe. Several groups, including the Department of Homeland Security, have sent out similar software fixes.
"The vast majority of threats we see today are attempts to steal confidential information. We know there's a large underground economy where personal information is sold," said Dean Turner of the online security firm Symantec.
Conficker is not, strictly speaking, a computer virus. Instead, it may try to link an infected computer with others as if they were one giant, coordinated machine, known to computer scientists as a botnet.
The program automatically turns off various security settings built into Windows. It seems to block users from going to major Web sites that provide anti-virus protection. And -- maddeningly -- it contains instructions for infected computers to contact a control system, somewhere out there in cyberspace, on April 1.