Threat Center Security News Conficker Worm to begin mayhem on April Fool's day
Conficker Worm to begin mayhem on April Fool's day Print E-mail
Written by Rebecca Mints   
Monday, 30 March 2009 05:36

This coming April 1 will be a dark day for many Internet users. A worm called the Conficker will begin its mayhem on April Fool's day and do it everyday from then on when it generates some 50,000 pseudo-random domain names and infect many systems by downloading new commands from 500 of the generated domains.

 As early as today, security researchers have sounded the alarm on the dangers that Conficker pose to computers connected to unsecured networks.

The SRI International said the worm's coders possess great technical ability and can even block security software. In its study of the worm's capabilities, SRI International discovered that the worm is able to distribute code by creating a peer-to-peer network and allows only the authors to update its code by using the MD6 hash algorithm to authenticate updates.

The Conficker worm began infecting systems as early as November last year by exploiting a vulnerability in the MS Windows. A variant of the worm began spreading by December and infected millions of computers through the Internet.

To stop the mayhem, a group of security firms and ISPs grouped themselves into what they call the 'Conficker Cabal' and worked together to block all randomly generated domains in advance.

In the latest monitoring of the worm, SRI International said its new version, Conficker C, will also generate psuedo-random domain names every day beginning April 1.


WTW Threat Level