April Fool's Day Computer Worm

Hey guys, I have just read a very disturbing news from CNN. Tomorrow a computer worm will be activated and may infect millions of users. This worm has a capability of controlling your computer as a " zombie" computer if your computer get infected with it. The programmer of this worm can erase all your files, make online purchase from your account and steal your password. Make sue your computer is protected from this deadly virus. Read more about it from CNN news story below.

CNN. A computer-science detective story is playing out on the Internet as security experts try to hunt down a worm called Conficker C and prevent it from damaging millions of computers on April Fool's Day.

This piece of computer code tells the worm to activate on April 1, 2009, researchers at CA found.

The anti-worm researchers have banded together in a group they call the Conficker Cabal. Members are searching for the malicious software program's author and for ways to do damage control if he or she can't be stopped.

They're motivated in part by a $250,000 bounty from Microsoft and also by what seems to be a sort of Dick Tracy ethic.

"We love catching bad guys," said Alvin Estevez, CEO of Enigma Software Group, which is one of many companies trying to crack Conficker. "We're like former hackers who like to catch other hackers. To us, we get almost a feather in our cap to be able to knock out that worm. We slap each other five when we're killing those infections."

The malicious program already is thought to have infected between 5 million and 10 million computers.

Those infections haven't spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines, said Don DeBolt, director of threat research for CA, a New York-based IT and software company.

What happens on April Fool's Day is anyone's guess.

Don't Miss

• $250K Microsoft bounty to catch worm creator
• Downadup virus exposes millions of PCs to hijack

The program could delete all of the files on a person's computer, use zombie PCs -- those controlled by a master -- to overwhelm and shut down Web sites or monitor a person's keyboard strokes to collect private information like passwords or bank account information, experts said.

More likely, though, said DeBolt, the virus may try to get computer users to buy fake software or spend money on other phony products.

Experts said computer hackers largely have moved away from showboating and causing random trouble. They now usually try to make money off their viral programs.

DeBolt said Conficker C imbeds itself deep in the computer where it is difficult to track. The program, for instance, stops Windows from conducting automatic updates that could prevent the malware from causing damage.

The program's code is also written to evolve over time and its author appears to be making updates to thwart some of the Conficker Cabal's attempts to neuter the worm.

"It is very much a cat and mouse game," DeBolt said.

It's unclear who wrote the program, but members of the Cabal are looking for clues.

First, they know that some recent malware programs have come from Eastern European countries outside the jurisdiction of the European Union, said Patrick Morganelli, senior vice president of technology for Enigma Software.

Worm program authors often hide in those countries to stay out of sight from law enforcement, he said.

In a way, the Conficker Cabal is also looking for the program author's fingerprints. DeBolt said security researchers are looking through old malware programs to see if their programming styles are similar to that of Conficker C.

The prospects for catching the program's author are not good, Morganelli said.

"Unless they open their mouth, they'll never be found," he said.

So, the most effective counter-assault simply may be damage control.

One quick way to see if your computer has been infected is to see if you have gotten automatic updates from Windows in March. If so, your computer likely is fine, DeBolt said.

Microsoft released a statement saying the company "is actively working with the industry to mitigate the spread of the worm."

Users who haven't gotten the latest Windows updates should go to http://safety.live.com if they fear they're infected, the company's statement says.

DeBolt said people who use other antivirus software should check to make sure they've received the latest updates, which also could have been disabled by Conficker C.

The first version of Conficker -- strain A -- was released in late 2008.

Read more....