Conficker has little impact now, but PC worm could hit later

ByABC News
April 1, 2009, 9:21 PM

SAN FRANCISCO -- For one day, at least, Conficker was more April Fools' prank than devastating PC menace.

The computer worm, which has quickly tainted millions of PCs and was programmed to possibly inflict more damage Wednesday, came and went without any major disruptions.

But that doesn't mean the threat is finished.

"It's like smoking," says Mike Rothman, senior vice president of strategy at eIQnetworks, a security-software maker. "It may not kill you today, but it could in weeks, months or years." The scope of Conficker's reach and the fact it could be programmed to attack machines later make it a lingering threat, he says.

The much-hyped malicious software code has exploited a security hole in Microsoft's Windows operating system to infect 3 million to 12 million PCs the past several months. Infected PCs are stitched into bots, a network of compromised computers usually controlled by criminals.

Examination of the code reveals the bots were programmed to follow instructions on April 1. When activated, the worm could instruct the bots to steal personal information, wipe hard drives, spread e-mail fraud schemes or remain dormant until a later date.

So far, the infections haven't produced many glitches, computer-security experts say. Cisco Systems detected little activity.

Hoopla surrounding the potential mayhem of Conficker has been compared with the Y2K bug, when the dawn of the 21st century was thought to threaten computer networks by misinterpreting the new year as 1900 rather than 2000. Not much happened then, either.

Consumers have largely been shielded from Conficker if they update their PCs with a security fix provided by Microsoft since October. In February, Microsoft offered a $250,000 reward for information leading to the arrest and conviction of those responsible for the worm.

Some companies, government agencies and schools that don't properly patch PCs are more at risk, says Roger Thompson, chief research officer at security-software maker AVG Technologies.