Wednesday, April 1, 2009

Malicious virus might spread mayhem, or laughs on April Fools' Day

By Aman Batheja

McClatchy Newspapers

(MCT)

FORT WORTH, Texas - April Fools' Day pranksters may find themselves outmatched this year.

A cunning computer infection that is believed to have infiltrated millions of computers is expected to receive a set of instructions from its creator on April 1.

"Everybody is a little bit nervous about it," said Mike Stute of Dallas-based Global DataGuard, a network security firm. "It could be nothing. It could be very dangerous."

Either way, the anonymous creator of the Conficker virus has caught the attention of computer security experts around the world, with Microsoft going so far as to issue a $250,000 bounty on those who created it.

The Conficker worm, a malicious software program also known as Downadup, has spread through a vulnerability in Microsoft Windows. Windows users who automatically receive updates from Microsoft are probably safe. Likely, so too are those with updated antivirus software.

The Conficker worm is thought to have easily found millions of Windows users who haven't updated their operating systems or don't have the right protection.

The U.S. Department of Homeland Security released a tool Monday to detect whether a computer is infected by the Conficker worm.

Yet other than reducing an infected computer's defenses, Conficker hasn't done much else to its victims, a departure from most computer infections that tend to do a lot of damage early on, according to computer security experts.

Instead, the most recent version of Conficker appears to be designed to wait until April 1 and then begin searching the Web for the next set of instructions from its creator.

"He could, say, delete the entire contents of the hard disk," said Mike Cotton, a researcher for San Antonio-based Digital Defense. "Or steal credit card info ... He could tell the machines to send massive spam attacks across the Internet."

Then there's the theory this is all an elaborate hoax, fittingly to be revealed on April Fools' Day.

Whether the goal is money or bragging rights, many experts are in awe of Conficker. Some call it the most sophisticated worm ever created.

"This is like these guys have learned four or five of the top techniques and put them all together in a worm that is elegantly written," Stute said.

Margaret Perez, who fights viruses on business computer networks as owner of Tech Support Mobile Services in Fort Worth, said the talk about Conficker has been unavoidable in recent weeks.

"It's like a hurricane coming when something like this happens," Perez said. "We've been seeing a barrage of these kinds of viruses for a year now. This one is probably the most serious of them all."

But for all the hype, Perez said there are an untold number of serious infections targeting PC users all the time, and after Conficker is beaten, likely something worse will come along to replace it.

"Maybe for like 15 days, it's actually going to be the Conficker worm," Perez said. "Then it's going to mutate to Conficker AB, or Conficker G Generic. It mutates just like a disease mutates."

Blissfully unaffected by worries about Conficker are computer users not on Windows.

The online design firm Alamofire in Southlake, Texas, runs only Apple's Mac OS and the freely distributed Linux operating systems on its computers, said company head Josh Williams.

The company's products include applications for Facebook and the iPhone. Security experts worry that social networking sites and mobile devices could be the next easy target for creators of malicious entities like Conficker.

Security is a priority for the company, Williams said, but in the end, users need to be careful about where they go online and who they allow to access their information.

"Ultimately common sense is a key ingredient to security," Williams wrote in an e-mail. "You can use all the security patches in the world, but if you hand your password out to a phisher or download an application you received in an e-mail, those patches aren't going to help you."

CHECKING YOUR COMPUTER

How to see whether your home computer is infected with Conficker:

The U.S. Department of Homeland Security released a tool Monday to detect whether a computer is infected by the Conficker worm. You can access it at www.us-cert.gov.

How to remove Conficker from your home computer:

Tools to remove Conficker are available at several Web sites, including:

www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

www.mcafee.com

www.windowsupdate.com

www.symantec.com

Conficker may block infected computers from accessing many security sites. If you cannot access one, San Antonio-based Digital Defense recommends finding an uninfected computer and copying the Windows Malicious Software Removal Tool at http://www.microsoft.com/security/malwareremove/default.mspx onto a CD and then loading it onto the infected one.

Source: Microsoft, Digital Defense, Global DataGuard

___

© 2009, Fort Worth Star-Telegram.

Visit the Star-Telegram on the World Wide Web: www.star-telegram.com.

Distributed by McClatchy-Tribune Information Services.
