Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / Don't Panic on Conficker, Firms Say
Don't Panic on Conficker and April 1, Security Firms Say
Don't Panic on Conficker and April 1, Security Firms Say
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Despite security analysts insisting that April 1 is only a red herring, the Conficker malware hype keeps growing as April Fools' Day approaches. Indeed, the doom and gloom is persisting even as security researchers offer a voice of reason.

The worm first appeared in late November, exploiting a vulnerability in Microsoft Windows to spread unhindered on local area networks. Its goal is to install rogue software on infected computers. Microsoft issued a patch for the vulnerability, but users that haven't installed it are open for infection as the worm spreads through portable USB flash drives.

As the speculation grows around Conficker, also known as the Downadup worm, Symantec and its Conficker Working Group partners continue researching the possibilities of the April 1 fallout from a worm that wreaked havoc on millions of computers earlier this year. So far, Symantec has determined three facts that it is sharing.

Symantec Sets the Record Straight

First, Symantec has determined that on April 1, W32.Downadup.C, the most recent variant of the malware also known as Conficker, will begin to use a new algorithm to determine what domains to contact. No other actions have been identified to take place on April 1.

Second, Symantec said it's possible that systems infected with W32.Downadup.C will be updated with a newer version of the malware on April 1 by contacting domains on the new domain list. However, the security company noted, these systems could be updated on any date before or after April 1, as well by using the peer-to-peer updating method found in W32.Downadup.C.

Third, Symantec said, the public should not be alarmed. However, as always, computer users should exercise caution and implement security best practices into their daily computing routines.

The worm certainly is an issue of concern, but the probability of a major Downadup-related cyber event on April 1 is not likely, according to Vincent Weafer, vice president of Symantec Security Response.

"In reality, the author or authors of Downadup probably didn't intend for this malware to get as much attention as it has. Most malware these days is designed to be used for some type of criminal monetary gain, and conducting such criminal acts typically requires stealth measures to be successful," Weafer said. "As such, this makes the odds that a major event will take place on April 1 even less likely, since there is so much attention being paid to that day."

What Should We Expect?

McAfee said we don't know the intent of the authors of the Conficker worm, but one thing is certain: They have consistently improved the worm by adding new functionality and anti-debugging tricks with every released variant.

"In order to resist the Conficker cabal initiative, which recently blocked domain registrations associated with previous Conficker A and B variants, the worm authors upped the randomly generated domain count from 250 to 50,000," said Vinoo Thomas, a security researcher at McAfee. "The intent behind generating and attempting to contact so many domains is to make it extremely difficult for security researchers to monitor sites that could potentially host a payload for the Conficker worm to download and execute."

Security firms advise home users to make sure their security software is up to date with the latest antivirus signatures and to enable their systems' automatic security updates. On the enterprise front, Symantec recommends that companies continue to deploy all critical security patches, ensure their security software is up to date, clean any systems that are infected with any version of Downadup using the available removal tools and guidance provided, and evaluate additional security best practices in accordance with their organizations' policies and procedures.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.