No-joke PC worm to start up April 1

3/31/2009
BY MARGARET HARDING
THE COLUMBUS DISPATCH

Mar. 27--The fast-spreading, self-replicating computer worm known as Conficker that has been lying dormant all winter is set to rear its head on April Fool's Day.

Experts don't know what all that entails, but it's probably not going to be good.

"The date is real," said Matthew Curtin, founder of Columbus computer-security firm Interhack. "A machine that's infected will be triggered, and it will engage in harmful activity."

The worm uses a vulnerability in Microsoft Windows to infect computers through a network connection. Once in a network, the worm moves from computer to computer by breaking passwords, and then awaits instructions from its creator.

Those instructions are supposed to come Wednesday, Curtin said.

"The ratings are all relatively low-risk, however. It's one of those things that everybody's watching," Curtin said. "The full impact of what will happen is not really well known."

The worm has the ability to connect to Web sites and download applications.

"It's designed to go download stuff and then run it," Curtin said. "We don't know what kind of payload it will have when the big day hits."

In the past, similar worms have been used to send a lot of spam, said Richard Wang, manager of SophosLabs US, a computer security company.

The spam can rack up costs indirectly by slowing Internet connections or forcing people to buy spam-blocking software, he said.

"Though it doesn't appear as a direct cost, there are costs associated with being on the receiving end of spam," Wang said.

It can be difficult to tell whether a computer is infected. In a business setting, there might be extra network activity as the virus tries to spread. At home, Conficker might prevent access to anti-virus or security Web sites. It also stops anti-virus software updates.

Microsoft users should make sure the Windows Auto Update feature is working, and that any anti-virus software is running and up-to-date, Curtin said.

The Laptop Guy, a Columbus computer repair business, saw a surge in customers last fall when an earlier version of the worm was spreading, President Tonya Feit said.

"What happened in November, and what we're looking at now, the same worm is affecting a multitude of people," Feit said.

Microsoft released a patch to make sure its system is no longer vulnerable to the virus.

Information on the patch is available at www.microsoft.com/technet/security/Bulletin/MS08-067.mspx. or

mharding@dispatch.com
