Author Topic: Conficker Worm Will Call Home on April Fools' Day  (Read 2485 times)



  • SCF Administrator
Conficker Worm Will Call Home on April Fools' Day
« on: 27. March 2009., 12:55:50 »

Security experts around the world will be watching on April 1, when the widespread Conficker worm is scheduled to call home to mystery domains. The creators of Conficker, also known as Downadup, are playing a cat-and-mouse game with the security posse organized by Microsoft. The April 1 date could even be a Conficker distraction.

April 1 brings on the age-old tradition of jokes and pranks. But this year, April 1 will be more than just April Fools' Day.

The first day of April 2009 is when security analysts around the world will watch to see what happens to thousands of computers because of the Conficker worm, a family of malware that is now widespread and affecting 10 million computers.

Conficker, also known as Downadup, is spread in three ways, including via exploit, weak passwords, and the use of autorun.inf files which are copied to USB drives.

Cat and Mouse

Graham Cluley, a security analyst with Sophos, said it's not possible for analysts to figure out what the payload could be because it's not yet present in the Conficker code.

"Some people have got rather confused as to what the April 1st deadline really means," Cluley said in an official blog post. "The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home Web servers from which it may receive updates."

Beyond that, Cluley said there's no guarantee the download will even occur on the first day of April. It all depends on when the authors of the malicious code choose to register a domain out of the 50,000 listed each day.

Jart Armin, a security expert with HostExploit, agrees. "The April 1st date would appear to be speculation; in the four or so worm variations seen so far, all have had various 'call home for an update' dates, times and varying locations," Armin said. "Conficker remains a dangerous threat, but its masters are obviously playing a cat-and-mouse game with the community, constantly matching any publicized anti-measures, and it's normal business as usual for malware in general."

Armin warned that the authors of the code may be using April Fools' Day to distract people while they commit other attacks. "It is important to remember, when observing illusionists as in this case, to also watch what the other hand is being used for," he said.

Bounty Still Out

While the Conficker masters iron out details, businesses are planning countermeasures to fight the virus.

In February, Microsoft announced a collaboration dubbed the Conficker Cabal with other industry leaders, including AOL, F-Secure, Arbor Networks, and VeriSign, to put together a coordinated response to the worm.

The software giant has been working with the Internet Corporation of Assigned Names and Numbers (ICANN) and operators of Domain Name Systems to find a way to disable the domains targeted by Conficker. Microsoft has also posted a $250,000 bounty for information that results in the arrest and conviction of those responsible for launching the malicious code.

(NewsFactor Network)
