The Conficker C Internet worm is a malicious computer virus that burrows into your hard drive--and was due to begin hatching its nefarious plans Tuesday night at midnight.
The virus was launched in October 2008, and has since infected an estimated 12 million Windows-based PCs via unreliable websites and downloads.
As the virus moves into its second phase today, it gives an outside user control of the hijacked machine, and there is fear your private information could be stolen.
Only six per cent of all infected computers are in North America, researchers at IBM's Internet Security Systems said Tuesday, while the majority, 45 per cent, exist in Asia. But with so much interest in Conficker in the western world, its creators have found a new viral marketing campaign to keep it alive.
Software security vendor Symantec, publisher of the popular Norton Antivirus, released a report Tuesday that says people were more susceptible to downloading a copy of the virus simply by searching for "Conficker" in Google. The search brings up 3.2 million mentions of the worm on the Internet, some of them hoax websites that actually host the virus and infect any users who surf those sites.
"Be careful with the links you follow," the company warned in a news release. "A sincere effort of keeping abreast with the latest security information might contain some unwelcome surprises."
The news doesn't come as a surprise to Stuart Crawford, vice-president of Calgary IT firm Bulletproof Infotech.
"The Internet is a minefield and you have to know where to step," he said. "We'd like to remind people to only rely on trusted sites."
The first real computer virus scare in years has also been attracting a cottage industry of online scam artists, dubious cyber criminals who are selling alleged removal tools for the virus that promise a lot and do nothing. Some even infect the PC with more malware.
"Bad guys will try to take advantage of any crisis, whether it's a natural catastrophe or Conficker striking," said John Aycock, an associate professor in the computer science department at the University of Calgary. "So in that respect, this isn't surprising."
The computers infected with Conficker are scheduled to move into a new phase today, April 1, when the worm will seek new instructions.
What those instructions are has been relatively unknown to leading computer experts. In a worst-case scenario, the worm could take over your machine and steal all your personal data. On the other hand, optimists say this could all be one of the most elaborate April Fool's Day hoaxes ever.
"We don't know what those instructions are, and in all likelihood, nothing is going to happen," Aycock said.
The worm, one that's been difficult to identify and remove, has been one of the most sophisticated and potentially dangerous that many in the information security business have faced. It exploits weaknesses in the Windows operating system and conceals itself on a hard drive, lying dormant until midnight this morning, when it was expected to search out its originator and seek further instructions.
To hide its tracks and protect its creators, the virus generates a list of tens of thousands of URLs or domain names, any one of which could be its central command centre. Until it is dismantled, Conficker will generate 50,000 brand new URLs a day and will search for 500 of those names on a daily basis, according to security vendor Websense Inc.
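The lookup pattern described above is visible in a network's DNS logs: a machine that tries hundreds of never-registered names a day produces far more failed lookups than normal browsing. The following Python sketch is an added example, not code from the article or from any vendor; the log format, the addresses, the `.example` names and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Assumed log format (constructed for this example, not a real resolver's):
#   <ISO timestamp> <client IP> <queried name> <response code>
def build_sample_log():
    """Constructed sample: one noisy client, one ordinary client, one bad line."""
    lines = []
    for i in range(500):  # 500 lookups in a day, the figure quoted in the article
        rcode = "NOERROR" if i == 250 else "NXDOMAIN"
        stamp = f"2009-04-01T{i // 60:02d}:{i % 60:02d}:00"
        lines.append(f"{stamp} 10.0.0.5 name{i:03d}.example {rcode}")
    for i, name in enumerate(["www.example.com", "mail.example.com", "typo.example.net"]):
        rcode = "NXDOMAIN" if name.startswith("typo") else "NOERROR"
        lines.append(f"2009-04-01T09:0{i}:00 10.0.0.7 {name} {rcode}")
    lines.append("malformed line")
    return lines

def failed_lookup_profile(lines):
    """Map (day, client) -> (distinct names queried, distinct names answered NXDOMAIN)."""
    queried, failed = defaultdict(set), defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:  # skip lines that do not match the assumed format
            continue
        stamp, client, name, rcode = parts
        key = (stamp[:10], client)
        name = name.lower().rstrip(".")
        queried[key].add(name)
        if rcode == "NXDOMAIN":
            failed[key].add(name)
    return {key: (len(queried[key]), len(failed[key])) for key in queried}

def flag_suspects(profile, min_failed=100, min_ratio=0.9):
    """Flag clients whose daily lookups are mostly distinct failed names.

    Both thresholds are assumptions to tune against a network's own baseline.
    """
    suspects = []
    for (day, client), (total, nx) in sorted(profile.items()):
        if nx >= min_failed and nx / total >= min_ratio:
            suspects.append((day, client, total, nx))
    return suspects

if __name__ == "__main__":
    for day, client, total, nx in flag_suspects(failed_lookup_profile(build_sample_log())):
        print(f"{day} {client}: {nx} of {total} distinct names failed to resolve")
```

Counting distinct names rather than raw queries keeps a single misconfigured application that retries one bad hostname from being flagged.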
Apple Macintosh and Linux users aren't affected, since Conficker only attacks PCs running Windows. Unfortunately, that means nine out of every 10 computers in the world could be a carrier.
"This was designed to hit as many people as it possibly could," Crawford said.
The virus is most likely to strike the untold thousands, millions perhaps, that are running pirated versions of Windows on their machines. Because they acquired the software illicitly, they are unlikely to update it through Microsoft's official patches.
"If you don't have an official copy of Windows or you're unable to update, you're potentially at risk," Aycock said. "But if you're running antivirus software, it should be able to spot Conficker now."
Most commercial antivirus software firms have released updates to combat Conficker, and the U.S. Department of Homeland Security has made a free removal tool available on its website.
If you fear your computer is hosting the Conficker C virus, Crawford suggested trying to navigate to popular antivirus sites such as Norton.com and McAfee.com. The newest versions of Conficker disable your ability to log onto these sites. If you're unable to visit these sites, you're advised to take your computer to an IT expert as soon as possible.
Microsoft Corp is offering a $250,000 reward for information leading to the capture and conviction of Conficker's creators, though the culprits behind these types of cybercrimes are rarely found.
"The grim reality is that catching the bad guys behind this, unless they make a massive slip-up, is next to zero," Aycock said. "They could be anywhere in the world."
It's also likely that Conficker's creators have been scared off by all the media attention they've garnered, the professor said, at least for now.
"It's entirely possible that the bad guys don't really know what to do with all this firepower they've amassed," he said. "But these are people who have a high level of technical skill and a fair bit of motivation, so it may be likely that Conficker won't be the last we'll hear from them."
As for the Conficker worm itself, it likely isn't going anywhere. Aycock said given the history of computer viruses, it's more likely that Microsoft will have to learn to work around it rather than disable it altogether.