No joke, it's the April 1st malware
1 April 2009 (http://www.channelnewsasia.com)
By Susan Ferroa

When PCs start acting funny, it hardly raises a laugh. More so on April 1st, when a computer worm called "Downadup" or "Conficker" is expected to strike.

The malicious software code, or malware, was programmed to modify itself on April 1st to become harder to stop once infected machines receive cues, either from websites showing Greenwich Mean Time (GMT) or from local clocks.

The worm is expected to make its presence felt from East to West, beginning in time zones that are first to greet April Fool's Day with the malware's April 1st trigger date.

"Planes are not going to fall out of the sky and the Internet is not going to melt down," said threat analyst Paul Ferguson of Trend Micro computer security firm in Northern California.

"The big mystery is what those behind 'Conficker' are going to do. When they have this many machines under their control it is kind of scary. With a click of a mouse they could get thousands of machines to do whatever they want."

Since November 2008, "Downadup" or "Conficker" has infected millions of computers, with some being taken over to spread junk e-mail, phishing or e-mail fraud schemes, and also to steal personal information such as usernames and passwords.

"Conficker" task force members tracking Internet traffic in Asia and Europe after clocks struck April 1st have said there's been no sign that the worm update is doing anything other than modifying itself to become harder to exterminate.

It's unclear whether fears of something more sinister are an April Fool's hoax by the virus writers, but no one is laughing.

The threat takes advantage of a vulnerability in Microsoft Windows.

Computers most at risk are those running Windows XP and Windows Vista, especially machines configured not to automatically receive updates from Microsoft or computers with outdated security software.

The worm works in the background to install and copy itself into shared folders and shared networks. It can also infect USB devices such as memory sticks.

So sharing files and documents, as well as using common-use desktops or laptops, can expose you to the worm, which you may pick up unknowingly.

To avoid a widespread security issue, PC users are being reminded to take some basic security steps.

The best first step is to make sure you have security software and that it is up to date. It's also good to allow the security software to conduct regular scans to check every nook and cranny of your system for malware.

Since Microsoft users are the most vulnerable, a task force assembled by the US computing colossus has been working to stamp out the worm, and that includes a bounty of US$250,000 on the heads of those responsible for the threat.

The threat is also keeping independent security firms such as McAfee, Symantec Corp and Trend Micro Inc very busy as they closely monitor cyberspace to see how the worm mutates on April 1st and over coming days and weeks.

The malware even has the American Federal Bureau of Investigation (FBI) hard at work.

Security experts think "Conficker" may have originated in the Ukraine, based on its code, and the FBI, which declined to comment on its investigation, is believed to be working to shut down the operation.

Governments have also stepped up action.

The US Department of Homeland Security has released a tool developed by the US Computer Emergency Readiness Team (US-CERT) to detect whether a computer is infected by the worm, while CyberSecurity Malaysia, the national specialist centre for cyber security, is working on solutions to contain any possible impact of the worm on computer users.

It's estimated that between 2 and 12 million computers worldwide are infected with "Conficker", which was programmed to reach out to 250 websites daily to download commands from its masters.

On April 1st, however, security experts noted that the malware began generating daily lists of 50,000 websites.

What is rattling everyone is the fact that the malware, which hides itself, could mutate to turn an infected PC into a slave that responds to commands sent from a remote server that controls an army of slave computers known as a botnet.

From there, the worm can be used to attack as well as to spy, or destroy files, said Gadi Evron, an expert on botnets.

With all the attention being given to the malware, those behind "Conficker" might gradually change the way the worm communicates to avoid attention and prevent companies from putting in place safeguards.

So here's the punchline - the "Downadup" or "Conficker" threat will remain even if April 1st passes without causing trouble to you or your PC.