PC security forces face April 1 showdown with Conficker worm

By ABC News
March 26, 2009, 4:59 PM

SEATTLE -- In the brief, tumultuous history of cybercrime, there has never been anything quite like the Conficker worm.

In the past few months, Conficker's creators have infected at least 3 million Windows PCs worldwide with malicious software, and perhaps as many as 12 million. At this moment, the bad guys are locked in a high-stakes showdown with a posse of security groups led by Microsoft.

Conficker's controllers have set a date for what amounts to a cyber-shootout at the OK Corral. Next Wednesday, April Fools' Day, millions of infected PCs, called bots, will begin reporting for further instructions, presumably to begin spreading spam, stealing data or carrying out online scams. And there appears to be little the good guys can do to cut off such communications.

"We have not yet begun to feel the real impact of Conficker," says Paul Henry, researcher at security firm Lumension. "We may soon be at the whim of those in control of what has emerged as a formidable army of infected machines."

Vintage worm

Conficker requires no action on the part of the PC user to spread. It's a throwback to self-replicating worms that scanned the Internet for PCs displaying known and unpatched Windows security holes.

Microsoft took notice and, on Oct. 23, issued a rare emergency patch. Most home PC users in North America got patched quickly, via Windows Auto update. But many corporate and government users were lackadaisical about patching. In China and other nations where pirated copies of Windows are widely used, patches simply weren't available. "Once the patch was out, no one paid attention," says Don Jackson, senior researcher at SecureWorks. "They underestimated the risk."