Conficker Worm Prepares For A New Release On April 1

March 27, 2009 by John Messina

(PhysOrg.com) -- The Conficker worm created havoc last year when it infected over 10 million computers on a global scale. The unique design of the Conficker worm allowed for this large-scale attack on over 8 million business computers and scores of individual computers in 2008.

The Conficker worm is periodically evolving by downloading updates that create thousands of false domains daily to throw off security investigators. On the day it chooses to update, it selects 500 correct domains out of the 50,000 candidates to download malware and updates from.

On the first release it tried to download and execute a file called loadav.exe. It turned out that the file was never uploaded and the next generation did away with this. This led investigators to believe it was a malware program trying to promote itself as fake antivirus software.

In the second release, the worm used Windows Services on unpatched machines to spread. This release also had the power to spread over network shares by trying to log in autonomously to network machines with weak passwords. It developed the ability to infect USB sticks connected to infected machines, giving it another means of transmission.

In the third and final release, which became known as the Downadup virus, peer-to-peer communication between infected systems was added to its arsenal of weapons. The virus also added new domain-generation algorithms to help it disguise where it was receiving its updates from.
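An added example, not from the article or from any analysis of the worm: a defender-side sketch of why date-seeded domain generation can be precomputed and matched against DNS logs, using the article's 500-of-50,000 figures. The generator is a constructed stand-in (not the worm's algorithm), and the log format, addresses and function names are assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import date

TLDS = ("example", "test", "invalid")  # reserved TLDs, so nothing here resolves

def candidate_domains(day, count):
    """Constructed stand-in generator: same date in, same list out."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # Map hex digits to letters to get a random-looking label.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        names.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return names

def sinkhole_hit_probability(total, picked, registered):
    """Chance that a host trying `picked` of `total` candidates contacts
    at least one of `registered` defender-controlled names."""
    miss = 1.0
    for i in range(picked):
        miss *= (total - registered - i) / (total - i)
    return 1.0 - miss

def hosts_querying_candidates(log_lines, candidates):
    """Return {client_ip: sorted matched names} from 'time client qname' lines."""
    wanted = set(candidates)
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, qname = parts
        qname = qname.rstrip(".").lower()
        if qname in wanted:
            hits[client].add(qname)
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    todays = candidate_domains(date(2009, 4, 1), 50_000)
    # Constructed resolver log: one host asks for two of the day's candidates.
    log = [
        "2009-04-01T08:00:01 10.0.0.5 www.example.com.",
        f"2009-04-01T08:00:02 10.0.0.23 {todays[17]}.",
        f"2009-04-01T08:00:03 10.0.0.23 {todays[40210].upper()}",
        "2009-04-01T08:00:04 truncated-line",
    ]
    print(hosts_querying_candidates(log, todays))
    print(round(sinkhole_hit_probability(50_000, 500, 100), 3))
```

Because each host tries 500 of the day's candidates, a defender holding only 100 of the 50,000 names would still expect contact from roughly 63% of infected hosts on that day.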

Microsoft is offering a bounty for the worm's writers and security experts are no closer to having any clue as to the individual or individuals who are writing the Conficker code.

As Conficker continues to spread and get smarter, there is little doubt it's creating an army of infected machines, one that can cause serious damage. On April 1 we will see the attacks be taken to the next level. One can only guess what this next release has in store for the Global Internet Community.

© 2009 PhysOrg.com



  • columbiaman - Mar 27, 2009
    • Rank: not rated yet
    How exactly do we know that the worm is getting an update on April 1st?
  • jmessina - Mar 27, 2009
    • Rank: 4 / 5 (1)
    The latest variant of the worm, Conficker.C, is programmed to do something on April 1. What exactly it will do no one knows.
  • moj85 - Mar 27, 2009
    • Rank: 5 / 5 (1)
    it will turn into SkyNet!
  • Mayday - Mar 27, 2009
    • Rank: 5 / 5 (1)
    If they have determined the date, why not out-smart the clock so it reads as April 1st and see what it does?
  • Ant - Mar 27, 2009
    • Rank: 1.5 / 5 (2)
    If you are not the attacker HOW DO YOU KNOW
  • Bob_Kob - Mar 27, 2009
    • Rank: 5 / 5 (1)
    It's an April Fools joke.
  • LuckyBrandon - Mar 27, 2009
    • Rank: 3.7 / 5 (3)
    I would tend to agree with bob kob...any legit viral entity, especially one where the developers are truly unknown persons, will NEVER have a release date for the next version of the virus.
    The ONLY way I could see that happening, is if the antivirus companies themselves are developing the virus (which, btw, they DO have people on staff that do nothing but develop viruses so the code can be used to expand the AV software's viral database)....I also wouldn't doubt that is the case with that being said.


    we're still about a decade away, give or take a few years, from anything even approaching the capabilities of skynet...oh except for my domain controller bearing the same name...oh and about 50 of my buddies' domain controllers as well :)
  • thales - Mar 27, 2009
    • Rank: 4 / 5 (4)
    Let's see: it's powerful, it inhabits millions, it's been killed only to rise again, and its final coming is at hand.

    I for one have already asked Conficker into my heart and joyously await its arrival. The rest of you are screwed.
  • Mercury_01 - Mar 27, 2009
    • Rank: 5 / 5 (1)
    WORM BAD!!!!!!!!!
  • MorituriMax - Mar 28, 2009
    • Rank: 4 / 5 (4)
    thales, lol... you have made me also see the light.

    hilarious
  • Sky2042 - Mar 28, 2009
    • Rank: not rated yet
    I for one have already asked Conficker into my heart and joyously await its arrival. The rest of you are screwed.


    You also share your loyalties to the FSM, don't you?
  • Ashy - Mar 28, 2009
    • Rank: not rated yet
    Somehow or other it will be very funny Fools day :)

    "At April 1 we will announce our new great virus!" *applause* "It will be more mysterious and dangerous than previous versions!"
  • Modernmystic - Mar 28, 2009
    • Rank: 1 / 5 (1)
    Let's see: it's powerful, it inhabits millions, it's been killed only to rise again, and its final coming is at hand.



    I for one have already asked Conficker into my heart and joyously await its arrival. The rest of you are screwed.



    Does this article have something to do with religion or is it that you can't help exercise your bigot fetish and troll like a moron on every thread you post on?
  • javes - Mar 28, 2009
    • Rank: not rated yet
    Modern mystic is completely correct, except for one thing... Why just exclaim everyone else is screwed? Proselytize!
  • shyataroo - Mar 28, 2009
    • Rank: not rated yet
    And people wonder why I have a mac.
  • Velanarris - Mar 28, 2009
    • Rank: 5 / 5 (1)
    And people wonder why I have a mac.

    Because you bought into all of that "Mac is virus proof" crap?
  • Modernmystic - Mar 28, 2009
    • Rank: 5 / 5 (1)
    And people wonder why I have a mac.


    If you were a sociopathic jerk and wanted to write malicious code and really screw with a lot of people's lives would you....

    a) Write said code so it will only affect 1% of the population, or...

    b) Write said code so it will affect 99% of the population?

    Don't break something thinking TOO hard about it...
  • Ant - Mar 29, 2009
    • Rank: 5 / 5 (1)
    I too have a friend who is convinced that Macs are virus proof. I would suggest that most attackers believe Macs are so irrelevant they can't be bothered.
  • random - Mar 30, 2009
    • Rank: 4 / 5 (1)
    cool, I can't wait
  • Velanarris - Mar 30, 2009
    • Rank: 2 / 5 (1)
    I too have a friend who is convinced that Macs are virus proof. I would suggest that most attackers believe Macs are so irrelevant they can't be bothered.
    Ask your friend why they continue to make (and sell) antivirus products for Macs if they're virus proof.
  • QubitTamer - Mar 30, 2009
    • Rank: not rated yet
    You thought it was over... You thought it was forgotten... but on April 1st, 2009...







    All your base are belong to us!



    eeeent!
    eeeent!
    eeeent!
  • Mercury_01 - Mar 31, 2009
    • Rank: 5 / 5 (1)
    WHAT HAPPEN?!?!?


    SOMEBODY SET US UP THE BOMB!!!!!
  • Ethelred - Mar 31, 2009
    • Rank: not rated yet

    SOMEBODY SET US UP THE BOMB!!!!!


    Terrible. You got your bad translation WRONG.

    It's

    "Somebody set us up the bomb."

    Your way makes too much sense. Please get it right in the future.

    A more appropriate choice of mistranslations would be:

    You have no chance to survive make your time.

    Ethelred
  • Mercury_01 - Mar 31, 2009
    • Rank: not rated yet
    What you say? That's actually how I talk.
  • Velanarris - Mar 31, 2009
    • Rank: not rated yet
    What you say? That's actually how I talk.

    Not surprising.

    FYI: if you've run Windows Update since July 08 you're all set.
  • Mercury_01 - Apr 01, 2009
    • Rank: not rated yet
    What you say? That's actually how I talk.


    Not surprising.





    FYI: if you've run Windows Update since July 08 you're all set.




    I think you may have missed the joke, V. Here: you're about 10 years late, but I'm sure it's still funny.

    http://www.youtub...ugh-fFgg
  • Velanarris - Apr 01, 2009
    • Rank: not rated yet
    I think you may have missed the joke, V. Here: you're about 10 years late, but I'm sure it's still funny.

    http://www.youtub...ugh-fFgg

    I think you missed the joke. I'm familiar with the poorly translated Japanese game, and the resulting internet All Your Base fad.
  • Mercury_01 - Apr 01, 2009
    • Rank: not rated yet
    Oh, well then...

    WORM BAD!!!!
  • x646d63 - Apr 04, 2009
    • Rank: not rated yet
    No conspirators amongst us? I'm convinced the CIA or Mossad is responsible for conficker. It's an eavesdropping tool. It was originally designed to penetrate large networks (corporations), not necessarily individual home computers. I think Microsoft and other vendors have traced it to its origins, but what can they do about it if it's CIA?
  • smokabowl420 - Apr 04, 2009
    • Rank: not rated yet
    As crazy as it may sound, SkyNet is actually the right answer. My brother works for Sony Entertainment, and told me the conficker virus is really just a very advanced form of viral marketing for the new Terminator:Salvation movie.

    Just wait, you'll see.
  • bmcghie - Apr 05, 2009
    • Rank: 5 / 5 (1)
    Well, I dunno what the virus did for the movie. I was going to see it just to see if ANYONE could equal good ol' Arnold as the Terminator.
  • LuckyBrandon - Apr 18, 2009
    • Rank: not rated yet
    Ant-I could write something in about 10 minutes to kill a MAC or a PC. It's ANY computer system, that can even include metal presses and metal manufacturing plants...if a virus is written to understand the code and destroy from there, it WILL do its job. MACs are a POS unless you're doing multimedia related things...the end.

    x646...-there is DoD code written into every operating system developed in the US. If a government entity were responsible, trust me, we would NEVER know the worm was ever even there. This isn't any government thing...they are pricks, and they steal our rights daily, BUT, this is the government's doing. The last I heard, this was suspected to come from Eastern Europe.

    smokabowl420-1. love the name, can I join :D 2. When the hell is that coming out I wanna see it :D
  • Velanarris - Apr 19, 2009
    • Rank: 4 / 5 (1)
    There is no DoD code written into Operating Systems. None whatsoever. This isn't really refutable either, so I'd like to know where you heard this that you'd take it as gospel.

    Big Brother was watching, but he changed the channel because we're all boring, and he really doesn't care.
  • LuckyBrandon - Apr 19, 2009
    • Rank: not rated yet
    I would rather not get into that, but let's just say that my prior and current professional experience has put me in a position to know a lot of insider information about a lot of products....with my background being in areas ranging from systems engineering to infrastructure architecture to development....
    But let's forget I said anything about it in hindsight...I need to stop my drinking binge.... :|
    I should have phrased it differently though, to reflect more of a backdoor, not specific code.
  • LuckyBrandon - Apr 19, 2009
    • Rank: 5 / 5 (1)
    Oh and if big brother doesn't care, then why are there federal agents stationed at cell phone companies to this day...those bastards are even scanning our cell phone calls....I'm pretty sure that's public knowledge now....
  • Velanarris - Apr 20, 2009
    • Rank: 5 / 5 (1)
    Are you referring to the CID chip embedded on all motherboards allowing physical polling reads, that's hardly a backdoor, it's an info tagger so if you generate something, an email, a photoshop picture, a web page, the machine that created the content can be identified but only if you have the content, and the machine, in hand. You're not the only IT engineer here.



    And as for agents at the cell phone companies, welcome to the 40's. The FCC regulates all radiowaves, including cellular, 3g, EVDO, and all the other nifty portable comm techs. They're antipiracy, as well as oversight.

    Just because the NSA can record your conversation, and listen to it, doesn't mean they care about your conversations. You're too boring for Big Brother to care about. Seeing as you're on a free-range, searchable forum, you should probably also know that they can track every purchase you make with credit cards, all your usernames and passwords, what you have in your grocery cart at the checkout line, etc, etc. And since you've raised a slight "anti-governmental" statement in the past, you'd expect that they're watching you right now as you eat your English muffin and contemplate heading down to the basement for a jerk before work, but, they don't care.
  • LuckyBrandon - Apr 23, 2009
    • Rank: not rated yet
    And as for agents at the cell phone companies, welcome to the 40's. The FCC regulates all radiowaves, including cellular, 3g, EVDO, and all the other nifty portable comm techs. They're antipiracy, as well as oversight.

    There is secret service of all things at cell phone companies...I know an agent assigned to one who is basically family to me....and he/she (won't say) has been there for a few years now.


    Oh and no, not speaking to the chip...

    And I do agree, I myself, along with every last one of us in here is too boring to review, but that doesn't change the fact they ARE violating our right to privacy unconstitutionally.
  • LuckyBrandon - Apr 24, 2009
    • Rank: not rated yet
    I need to revamp my comment above...I spoke with my friend, and he/she basically said that they were "encouraged" to leave their agent position in lieu of a position at a cell phone company where she would be interfacing with the government branches involved ..so NOT still secret service, but that's where he/she was when he/she was "encouraged"....he/she took a generous pay raise too...
  • Velanarris - Apr 26, 2009
    • Rank: not rated yet
    Like I've said before, information is the new currency of international relations, so businesses will pay top dollar for the best security they can get.



    Who better than secret service and the various militaries?
