Time and again I have written and warned about Conficker. The latest variant is Conficker.c, popularly known as the April Fool virus. After April 1st, security agencies did not see the worm spreading and causing havoc as expected. But the fact is: "Conficker is alive and kicking".
And now, deadlier than ever
Why deadlier? Because it now has a business model associated with it. It has started to update itself via a peer-to-peer network between the infected machines, after downloading its payload from a server in South Korea. So the infected PCs act like zombies for the owners of the worm, who now have almost complete control over them. There is no information on the actual number of PCs affected by this worm, but it is estimated to be somewhere between 10 million and 15 million.
The earlier versions of Conficker were known to just block the infected machines from accessing the servers of most antivirus companies and the Microsoft Update server. The new variant does the same but goes further by blocking sites which offer tools to remove Conficker.
The hackers have supposedly set a deadline of May 3 for the Conficker worm to delete itself from the infected machine, but it still keeps a port open so that the hackers can come back and access the PC if they need to. As per Trend Micro & Symantec, Conficker downloads a version of the Waledac malware, which is one of the most active spam-bots around. This indicates that the creators of Conficker might be the same people as those behind Waledac.
Secure yourself or Fix Conficker worm
If you are someone who constantly or automatically installs Microsoft Windows patches, you will most certainly be safe from the Conficker worm. But I would still suggest you carry out a few simple tests to be sure.
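One check of this kind, as an added example that is not from the original post or the tools it links to: because the worm blocks access to antivirus and Microsoft Update servers, compare name lookups for security sites against lookups for unrelated sites. The hostnames and the verdict labels are assumptions chosen for this example.

```python
import socket

# Assumed hostnames picked for this example (vendors the post names).
SECURITY_HOSTS = ["www.symantec.com", "www.trendmicro.com", "update.microsoft.com"]
# Assumed control hostnames unrelated to security products.
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]


def system_resolves(host):
    """Return True if the operating system resolver finds an address for host."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def classify(security_hosts, control_hosts, resolves=system_resolves):
    """Compare lookups of security sites against control sites.

    Returns (verdict, blocked); blocked lists the security hosts that failed.
    """
    blocked = sorted(h for h in security_hosts if not resolves(h))
    controls_ok = any(resolves(h) for h in control_hosts)
    if not controls_ok:
        # Nothing resolves at all: a network outage, not selective blocking.
        verdict = "inconclusive"
    elif not blocked:
        verdict = "no-blocking-seen"
    elif len(blocked) == len(security_hosts):
        # Ordinary sites work but every security site fails.
        verdict = "suspicious"
    else:
        verdict = "partial"
    return verdict, blocked


if __name__ == "__main__":
    verdict, blocked = classify(SECURITY_HOSTS, CONTROL_HOSTS)
    print("verdict:", verdict)
    for host in blocked:
        print("could not resolve:", host)
```

A "suspicious" or "partial" result is a reason to run a removal tool, not proof of infection, since a proxy or DNS filter can produce the same pattern; a clean result does not rule out infection either.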
If, unfortunately, the above tests indicate that you are infected, head over to this post on tools to fix the Conficker / Downadup worm, which I wrote a month back, and see if any one of the tools can detect and remove the worm. I have updated the post with some of the latest tools, so make sure you try them all once.