As the clock counts down to April 1, the Conficker hysteria is only growing worse. CBS's perennial 60 Minutes television broadcast ran with the headline "The Internet is Infected" on Sunday night.
Lesley Stahl went on to report to millions of viewers that malicious computer hackers have been creating more weapons that they plant on the Internet -- and the problem is growing. She called Conficker one of the most dangerous threats ever, infecting about 10 million computers worldwide.
Conficker earned its reputation. The worm, also known as Downadup, first appeared in late November, exploiting a vulnerability in Microsoft Windows to spread unhindered on local area networks. Its goal so far has been to install rogue software on infected computers.
Microsoft issued a patch for the vulnerability, but users who haven't installed it are open to infection as the worm spreads through portable USB flash drives. Malware authors are expected to set the wheels in motion to launch the next variant of Conficker on Wednesday.
Honeynet Project Responds
"As you know, bad things are going to happen on April 1st: People will be sending out e-mails to their friends, telling silly jokes and putting MTAs (mail transfer agents) under a higher load," said Lance Spitzner, CEO of the Honeynet Project, an international nonprofit research organization that aims to improve Internet security.
"Besides that (but not quite that bad), Conficker will activate its domain-name-generation routine to contact command-and-control servers," he said. "We have been researching this piece of malware recently, with a focus on how to detect Conficker-infected machines."
The Honeynet Project has just released a paper called Know Your Enemy: Containing Conficker. The paper presents several potential methods to contain Conficker, taking advantage of the way the worm patches infected systems, which the group said could be used to remotely detect a compromised system. The paper also demonstrates several methods to detect and remove Conficker locally, and presents a potential vaccination tool.
The Honeynet Project has also released a new scanning tool for detecting Conficker. The tool was developed in coordination with Dan Kaminsky, a security researcher well known for his work on DNS cache snooping. It was Kaminsky who discovered a fundamental flaw in the DNS protocol last July.
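Spitzner's remark about the domain-name-generation routine points at a detection opportunity on the network side: a host that wakes up and tries to resolve a burst of algorithmically generated names will produce a run of NXDOMAIN answers for random-looking domains. The following is an added illustration written for this article; it is not the Honeynet Project's scanning tool nor the method in their paper (which relies on how the worm patches the system), and the resolver log format, thresholds, and sample lines are all constructed assumptions.

```python
"""Heuristic detector for DGA-style lookup bursts in a DNS resolver log.

Added example; the log format, thresholds and sample data are assumptions,
not taken from the Honeynet Project paper or tool.
"""
import math
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Assumed line format: "<ISO time> <client> <qname> <rcode>".
SAMPLE_LOG = """\
2009-03-31T09:00:01 10.0.0.5 www.example.com NOERROR
2009-03-31T09:00:02 10.0.0.5 mail.example.com NOERROR
2009-03-31T09:00:05 10.0.0.9 qwzrtpxmkl.org NXDOMAIN
2009-03-31T09:00:06 10.0.0.9 bhvnqldkwtp.net NXDOMAIN
2009-03-31T09:00:07 10.0.0.9 xkpqrzmvnt.com NXDOMAIN
2009-03-31T09:00:08 10.0.0.9 zmqwpvtrkxl.info NXDOMAIN
2009-03-31T09:00:09 10.0.0.9 rtqxkplmzvw.biz NXDOMAIN
2009-03-31T09:00:10 10.0.0.9 pvkxzqrmtwl.org NXDOMAIN
2009-03-31T09:05:00 10.0.0.5 typo-dommain.com NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, rcode = m.groups()
    return {
        "time": datetime.fromisoformat(ts),
        "client": client,
        "qname": qname.lower().rstrip("."),
        "rcode": rcode.upper(),
    }


def label_entropy(label):
    """Shannon entropy (bits per character) of a DNS label; random labels score high."""
    if not label:
        return 0.0
    n = len(label)
    return -sum((c / n) * math.log2(c / n) for c in Counter(label).values())


def registrable_label(qname):
    """Second-level label of a name, e.g. 'qwzrtpxmkl' for 'qwzrtpxmkl.org'."""
    parts = qname.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def find_suspect_clients(log_text, window=timedelta(seconds=60), min_nx=5, min_entropy=3.0):
    """Return {client: [distinct failed domains]} for clients that produced at least
    `min_nx` distinct NXDOMAIN answers inside `window` whose labels look random
    (mean entropy >= `min_entropy`). A single typo lookup does not trigger it."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["rcode"] == "NXDOMAIN":
            failures[rec["client"]].append((rec["time"], rec["qname"]))

    suspects = {}
    for client, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the burst fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = sorted({qname for _, qname in events[start:end + 1]})
            if len(burst) < min_nx:
                continue
            mean_h = sum(label_entropy(registrable_label(d)) for d in burst) / len(burst)
            if mean_h >= min_entropy:
                suspects[client] = burst  # keep the largest burst seen so far
    return suspects


if __name__ == "__main__":
    for client, domains in find_suspect_clients(SAMPLE_LOG).items():
        print(f"{client}: {len(domains)} random-looking NXDOMAIN lookups, e.g. {domains[:3]}")
```

The entropy test alone is weak for short labels, which is why it is combined with the burst count: legitimate typos and dead links produce isolated NXDOMAINs, whereas a generation routine produces many failures in a short span. In practice, a defender would also exclude known sinkhole domains and tune the window to the malware family under investigation.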
Raising Public Awareness
"This is not the first really big worm," said Andrew Storms, director of security operations for nCircle. "The reason for the hysteria and panic around this worm is because the public has finally realized that worms are connected to botnets."
Storms said this is the most technically interesting worm he's seen because of the way it spreads, as well as its connection mechanism, its encryption types, and the methods it uses to contact its command-and-control servers. As he sees it, this sophistication is definitely contributing to the overall level of public fear.
"While the work the Honeynet Project and Dan Kaminsky have done is helpful to security teams, most enterprises are already using a patch-management process and following industry best practices," Storms said. "They are likely already patched and protected from a Conficker infection."