Previous
The View
Next
The Great Red Spot is Shrinking
Apr 1, 2009 12:16pm

Conficker Worm: D-Day

This, being April 1, is the day the Conficker computer worm was supposed to seek whatever instructions it was supposed to get from its author, somewhere out there on the Internet.  Security firms — and every technology reporter on the planet, it seems — are on the lookout. My favorite version is from Brian Krebs, who writes the "Security Fix" blog for the Washington Post.  Simply because his headline is "Conficker Worm Strike Reports Start Rolling In," he’s getting a lot of hits.  Read it HERE. He reports…Elmendorf Air Force Base, near Anchorage, briefly went to Defcon 3…an ATM in Reykjavik began spewing 100-Krona notes…Big Ben in London stopped at 11:59 p.m….and…and — you absolutely HAVE to read the note he has in italics at the bottom of his post. Most of the other, more serious, stories so far are like THIS: "Conficker Worm Reaches Go Time, to No Effect."  Or THIS: "Conficker Worm Is Much Ado About Nothing." David Coursey of PC World, a content partner of ours, writes, "The Conficker Worm is like the Paris Hilton of computer security: Famous solely for being famous. Neither has actually ever done anything of note. But, at least Paris has a sense of humor about her celebrity. Conficker just wastes people’s time." But it’s worth pointing out that most stories today on Conficker’s effects are pretty short, even though most of the world’s time zones have already rolled over to April 1.  The Internet, being a network of networks, is by definition diffuse, so, while news travels fast, realization of it may not get out there very fast. We have plenty of calls out, and if we hear something, we’ll pass it on.  But an awful lot of security people have told us in the last week that even if the worm does successfully get its mystery instructions, they may not even tell it to do anything today. ==================== Update, 6:30 p.m. EDT: The Justice Department and Symantec say they have not heard of any major problems that can be attributed to Conficker.  Register.com, a major website-hosting service, has been down for a few hours; a spokesperson there says they’re aware of the problem and expect to be back online soon, but they can’t say whether Conficker is involved.

Related Videos
Steve Jobs' FBI File: Bomb Threat? Steve Jobs' FBI File: Bomb Threat?
Steve Jobs' FBI File Released Steve Jobs' FBI File Released
Previous
The View
Next
The Great Red Spot is Shrinking

User Comments

Perhaps when the worm does strike, it will be with “April Fool” written across computer screens everywhere.

Posted by: andyr | April 1, 2009, 12:54 pm 12:54 pm

most people dread virus’s as they dont know how to deal with it when it strikes. I think it is a hilarious joke as virus writers like to add in funny catch phrases in their code. Things like small animated monsters that run across your screen eating your .exe files. i just sit there, watch it happen and laugh. Of course then i get my install disk and reformat.

Posted by: adam | April 1, 2009, 1:17 pm 1:17 pm

If your system uses automatic updates and they ran in october ’08 you are safe. I think the media is not pointing out the obvious in the case that the patch was released before the worm. Update all software from any company. They ALL have vulnerabilities and constantly need updating to keep you safe. This goes for everything not just Microsoft products. I see updates for remote code execution for all the OS’s out there so don’t act like your immune since you don’t have Windows, this should be a case in point to always stay updated, even when you think you have a good reason not to, because really there is no good reason not to stay up to date.

Posted by: Eric | April 1, 2009, 2:38 pm 2:38 pm

marketing ploy by McAfee & the like

Posted by: lifesense | April 1, 2009, 3:27 pm 3:27 pm

I don’t have to worry about it. I’m on an Apple computer.

Posted by: Gauston in DC | April 1, 2009, 3:37 pm 3:37 pm

Thank GOD for Steve Jobs and Apple. I haven’t had a virus in years!

Posted by: Mac Lady | April 1, 2009, 4:02 pm 4:02 pm

While everyone breathes a sigh of relief, the question now is what will the authors of this worm do with the vast legion of compromised computers they now “own”? Anybody thinking of this slight and, of course, small issue?

Posted by: Jon | April 1, 2009, 4:17 pm 4:17 pm

There is a file on my computer that has been trying to access the web, literally every second on the second. It started around noontime, and hasn’t stopped. I can’t seem to delete it and it isn’t being recognized by spybot or norton antivirus as malware. But I have no doubt that it is because it started with a strange popup that I’ve never seen before. It’s using a rundll32.exe but with a strange, and apparently, random filename “Hfojihikici”. Our IT people can’t seem to figure it out, and can’t delete it either. The only reason it can’t access the web is that I have two distinct programs that are monitoring its execution, but neither is letting the program change the registry, as its been constantly trying to do. Needless to say, it is more than a little disconcerting.

Posted by: paopath | April 1, 2009, 4:29 pm 4:29 pm

Typical scare tactics from the IT and anti-virus community. It sells more anti-virus software and provides job security for IT nerds. I believe that most viruses are created by the anti-virus people themselves in cooperation with IT guys building websites that create pop-ups. Microsoft and their $250k bounty is also a sales con job.

Posted by: anti-IT | April 1, 2009, 4:41 pm 4:41 pm

Conficker.c is causing issues, just not as wide spread as expected. One reason for this is the virus code was shared so that several people could take control of machines not just one person. Our domains were basically getting a DoS attack shortly after noon today 4/1, we blocked the offending subnet, identified them contacted them and told them to update their machines. It is also causing a degradation on the internet because of the malicious traffic. It’s not over yet, it’s just get started.

Posted by: Cyoung | April 1, 2009, 4:57 pm 4:57 pm

Just because nothing happened TODAY doesn’t mean everything is fine. Look at it this way. A lot of people have safer computers now.

Posted by: Ryan | April 1, 2009, 5:09 pm 5:09 pm

When I was able to quit counting on my fingers, my hangnails healed. I finally mastered my abacus by spraying for termites, so now I’ve got to learn to train worms ? ?

Posted by: AlchyDave25 | April 1, 2009, 5:25 pm 5:25 pm

Ive never had any viruses of any kind and I do not think I ever will. I dont know what “viruses” is everyone talking about. Scan a file before opening it and stop downloading those “free” movies and music!

Posted by: hmm | April 1, 2009, 5:51 pm 5:51 pm

what can I do to see if my computer has the virus?

Posted by: Terra | April 1, 2009, 7:20 pm 7:20 pm

That is the reason I have an Apple.

Posted by: tina | April 1, 2009, 8:56 pm 8:56 pm

A tell-tale sign that your infected with conficker is that you cant accsess coupter help sites or major anti virus sites (IE: norton, trend micro, bleepingcomputer, malwarebytes, AVG) or your restore points have been wiped.

Posted by: Brandon | April 1, 2009, 9:52 pm 9:52 pm

I do not have anti-virus software installed, hooked straight to cable modem, no firewall on, and I do not install MS updates that slows down my computer. I do lots of online purchasing and online baking. No problems for years. Come get some wimpy hackers!

Posted by: Not Afraid | April 1, 2009, 11:02 pm 11:02 pm

common sense is the key, people!

Posted by: YEA! | April 2, 2009, 12:07 am 12:07 am

I think the real threat is that you can’t tell you have the malware, and most antivirus software does not detect it. The only indication is if you try to access antivirus sites and are unsuccessful. Once activated, it logs your key strokes and captures your passwords, credit card info, etc. which is routed to a malicious site. I believe you can run a free scan at symantec to see if the malware is installed on your computer. If you can’t access the site, be concerned.

Posted by: JC | April 2, 2009, 3:11 am 3:11 am

“That is the reason I have an Apple.”
I wouldn’t be so sure of yourselves. As the Pwn2Own contest shows, Apple is the easiest OS to crack. Not only do the hackers at the CanSecWest conference think that, IBM has also released a study by their X-Force research group that shows Apple at the top of the list for most vulnerabilites and the time it takes to patch those vulnerabilities.
Most Vulnerable Operating Systems
X-Force tracks vulnerabilities by platform and has produced metrics this year to show the operating systems with the most disclosed vulnerabilities. The
following chart shows the operating systems with the most vulnerabilities
documented in 2008. The top ten operating systems account for nearly 75% of
all vulnerability disclosures affecting operating systems.

Posted by: Eric | April 2, 2009, 9:17 am 9:17 am

You guys mentioning pwn2own need to actually do some research on that. It wasn’t what it seems like at a glance.

Posted by: Chris | April 2, 2009, 11:29 am 11:29 am

Us Apple guys need to keep our mouths shut and not stand up waving a red flag about how we have no virus or worm attacks… It’s not that the apple is bullet proof but rather that no one has spent the time hacking it… Let them get a bigger market share or start showing off and someone will start writing them. For me it’s head down and eyes open.

Posted by: Rudger | April 2, 2009, 12:06 pm 12:06 pm

“You guys mentioning pwn2own need to actually do some research on that. It wasn’t what it seems like at a glance.”
Not sure what I missed? I read the interviews of Charlie Miller and Nil’s and they both stated the same thing which happens to be that Apple’s security is almost non existant. Sure the contest was compromising a browser to take of the system. Apple was first to fall with Safari. IE on windows was second and firefox on Apple was third. Charlie Miller is an Apple user himself, but stated the old marketshare argument that no one wants to believe and said Apple is only safer now as it is not the target. So not sure where I am missing this at the moment, maybe you can enlighten me on what the truth really is at a glance of course.

Posted by: Eric | April 2, 2009, 1:00 pm 1:00 pm

people, there was nothing saying the infection was going to tumble down the world, only that it was looking for new instructions on april 1st stupid media blows anything out of proportion always lying to get the better ratings

Posted by: Cliff | April 2, 2009, 1:24 pm 1:24 pm

ROFL…yes, your precious apple doesn’t get virus’s. It must be because it is truly perfect in every way just like you and all the other mac-heads claim. It couldn’t be that apple’s marketshare of the pc world is so pathetically small that no hacker worth his weight in salt would give two craps about an apple. HAHA.

Posted by: Magus725 | April 2, 2009, 1:33 pm 1:33 pm

Yes, My Mac is damn near perfect. I like the small market share, keeps the viruses down. Good luck!

Posted by: jay | April 17, 2009, 3:26 pm 3:26 pm

Just because this did not go crazy in 4/1 does not mean that it is harmless.
Remember the best hackers are those that cannot be tracked or found.

Posted by: Securitt | June 18, 2009, 9:27 am 9:27 am

Top

Leave a Reply

Do you have more information about this topic? If so, please click here to contact the editors of ABC News.