Related
Internal Links
- Conficker: world's greatest April Fool's joke or 'digital Pearl Harbor'? (March 27, 2009)
- New Conficker worm set to attack on April 1 despite bounty (March 20, 2009)
- Microsoft offers $250,000 to nab author of Conficker worm (Feb. 12, 2009)
- Windows virus spreading quickly, but may be a dud (Jan. 19, 2009)
- Feature: Taking on the zombie botnets
External Links
- Computer Associates Conficker page
- Microsoft: Information on Conficker
- Symantec Conficker page
- Computer Troubleshooters
- Anti-virus software recommended by Computer Troubleshooters
- Anti-virus software recommended by Computer Troubleshooters
- Free anti-virus software for home use
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
Conficker is a worm that has been spreading to computers through the internet for months, and computer security experts estimate that millions of machines are infected.
There are other worms crawling the internet, but this one has made headlines in recent weeks because the latest variant of the worm, Conficker C, which was noticed in early March, is expected to launch some sort of attack on April 1, 2009 (it will check the date on a number of internet sites, so changing the date on the computer itself isn't a safeguard).
Computer security experts don't yet know what actions computers infected with Conficker C will be asked to perform and might not know until April 1.
Conficker infects computers running various versions of Microsoft Windows, especially those that have not been patched with a security upgrade issued by Microsoft in October. Once it has its "command and control" instructions, the infected computer becomes part of a "botnet" of many infected computers that take orders from those who control them, and as such, it might gather personal information, install malicious software on the computer and attack or infect other computers.
A group of internet groups and businesses led by Microsoft has offered a $250,000 US reward for information leading to the arrest of those responsible, but in the meantime, they're also urging people to make sure they have proper Windows security updates and anti -virus software installed.
Here are some things you should know about Conficker:
Names it goes by:
- Conficker
- DownadUp
- Kido
Less-common aliases:
- Worm:Win32/Conficker.A (Microsoft)
- Crypt.AVL (AVG)
- Mal/Conficker-A (Sophos)
- Trojan.Win32.Pakes.lxf (F-Secure)
- Trojan.Win32.Pakes.lxf (Kaspersky)
- W32.Downadup (Symantec)
- Worm:Win32/Conficker.B (Microsoft)
- WORM_DOWNAD.A (Trend Micro)
What can it do?
The worm disables Windows Automatic Updates and the Windows Security Center.
It makes the computer part of a "botnet" of other infected computers. A botnet, or robot network, is a group of web-linked computers — sometimes called zombies — that have been commandeered, in some instances by criminals, to perpetrate all kinds of online nastiness. Typically, a "bot" is installed on a machine through a trojan, an insidious program that can find its way into an insufficiently protected computer in a variety of ways, such as when a user clicks on a link to an infected web page or e-mail message, views an infected document, or runs an infected program. Once the bot has made itself at home, it "opens the doors" of its new host computer to its master, who can instruct the machine to engage in various nefarious activities, such as sending out spam and phishing emails or launching the distributed denial of service, or DDOS, attacks.
Conficker can gather personal information, install malicious programs on the computer and send spam to other computers.
One symptom that might indicate you are infected with the worm, according to security company Symantec, is finding that your computer is blocked from accessing the websites of most security companies.
Difference between a virus and a worm:
A virus is a small program that enters your computer inside a file that is written to alter the way a computer operates. Viruses replicate and can cause system crashes and data loss.
A worm is a type of virus that enters a computer through a weakness in the computer system and multiplies by using network flaws. Worms can replicate from system to system without the host file.
Who is vulnerable?
Windows users who haven't installed the proper Microsoft security patches and updates.
Computers that don't have up-to-date anti-virus protection.
Why the concern?
Conficker's early versions have already spread to several million computers (some estimates in March 2009 put the infection rate at around 12 million machines), and machines that had the older versions of the worm have been upgrading themselves to the Conficker-C version to protect themselves from detection and removal.
The "C" version is scheduled to come alive on April 1. At that time, copies of the malicious code on infected computers will try to generate and connect to 500 web URLs a day from a group of 50,000 across 110 domains around the world, including .ca, while trying to reach a "command and control" domain for further instructions. But nobody knows what, if anything, it will do at that point. It might use the "botnet" of computers to distribute spam or malware, or it might do nothing at all.
Who's fighting it?
A consortium of security companies and internet service providers called the "Conficker Cabal" is working to disable the worm.
Microsoft has offered a $250,000 US bounty to find the Conficker creator.
Canada's Internet Registration Authority is trying to block domains generated in Conficker code that fall in the .ca top-level domain from being used.
Compiled by Sheila Whyte, CBC NewsShare Tools
Top News Headlines
- Aylmer triple stabbing leads to first-degree murder charges
- The estranged partner of a young mother who was stabbed to death along with her parents at their home in Aylmer, Que., has been charged with first-degree murder Friday. more »
- Wildfires, high winds put northeastern Ontario on alert
- It's going to be a tense weekend in northeastern Ontario where strong, shifting winds have been fuelling a forest fire that has blanketed the Timmins area with smoke and ash. more »
- Labrador fire out of control
- A forest fire continues to burn out of control in Happy Valley-Goose Bay today, according to provincial firefighting officials. more »
- The risks and responsibilities of taking on Mt. Everest
- The deaths of five climbers last weekend on Mt. Everest, with more summits underway this weekend, fuels the debate about the risks and responsibilities of high altitude climbing. more »
Latest Technology & Science News Headlines
- Unloading of docked SpaceX capsule to start Saturday
- The privately bankrolled SpaceX Dragon capsule made a historic arrival at the International Space Station on Friday, and astronauts will begin unloading some of the 544 kilograms of food, water, clothing and other supplies its carrying starting Saturday. more »
- South Africa, Australia to share world's largest telescope
- South Africa and Australia will jointly host the Square Kilometre Array, which promises to be the world's largest telescope, the international consortium in charge of the project said Friday. more »
- Bonavista, N.L., 'coyote' was really wolf, tests confirm
- Wolves have not been seen in Newfoundland since around 1930 and were believed to have been hunted to extinction on the island, but genetic tests have confirmed that an 82-pound animal shot on the Bonavista Peninsula in March was, in fact, a wolf. more »
- Once-rare argus butterfly thriving thanks to climate change
- Global warming is threatening the existence of many species, such as the giant polar bear, but in the case of Britain's brown argus butterfly, it took a species in trouble and made it thrive. more »
- Yahoo scraps digital magazine designed for iPad
- Yahoo has killed Livestand, a tablet magazine, just six months after its debut on the iPad. more »
Bob McDonald's Blog
Government to shut down unique fresh water research area May. 25, 2012 12:31 PM The Experimental Lakes Area research facility in Northern Ontario is being closed down after 44 years of providing invaluable data to scientists in Canada and internationally, a decision that has stunned researchers and environmental groups.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 25, 2012 4:15 PM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Aylmer triple stabbing leads to first-degree murder charges
- Everest victim's husband says family not seeking government help
- B.C. premier unhappy with disgraced Mountie's transfer
- Canada ending 'Buffalo shuffle' for visas, closing consulate
- What a Greek euro exit could mean for Canada
- Third B.C. salmon farm quarantined
- RCMP officer charged in fatal crash
- Police probe Halifax homicide after shooting
- Ottawa man in hospital after lightning strike
