All quiet on the Conficker front. Now what?

All quiet on the Conficker front. Now what?

by Elinor Mills Font

As expected, the Conficker worm failed to cause the digital pandemonium that some may have feared.

So, can we all just go back to playing on Facebook and watching the game now?

Not really. Just because the worm failed to create much of a stir on the day it was set to activate, April 1, doesn't mean it won't wake up and act later.

"The (malicious) hackers can tell their worm to do something any day of the year; they're just as likely to do it tomorrow or next Wednesday or in August," said Graham Cluley, a senior technology consultant with Sophos.

Then why the April 1 message in the code?

Cluley says he doesn't know. "This was such an invisible change inside the code. It was inconsequential to the infected computer that maybe (the creators) didn't think there would be such a frenzy," he said.

Today, as on any day, PC users should make sure their systems are patched and running the latest security software. People should patch their systems to close the hole in Windows it exploits and update their anti-virus software. The major anti-virus vendors all have free Conficker removal tools.

The worm also can spread via network shares and removable storage devices like USB thumb drives. So users are advised to use strong passwords when sharing files on a network and to download a patch Microsoft released to address the Autorun feature problem in Windows that makes using removable storage risky.

Oh, and be careful about searching for Conficker removal software on Google. Scammers have managed to get fake security sites among the top searches, Cluley said. Bogus sites are designed to steal your credit card information and could install malware on your computer instead of a legitimate security program.

So, what is the intention behind the worm, anyway? Why all the fuss?

Like many other worms, it's likely the Conficker worm is designed to create a botnet that could be used to send spam, launch denial-of-service attacks to shut down Web sites or steal data from infected computers.

David Perry, global director of security education at Trend Micro, said he suspects that the worm creators will slice up the botnet and sell it to spammers via underground forums, like they did with the Storm worm.

"The funny thing is that everyone has these expectations that come to them from science fiction viruses. In the movies they blow up the terminal, tip over an oil tanker and bring aliens out of the sky," said Perry. "In reality, the kind of thing a botnet does is much less visible. It's a lot more insidious of them to steal your bank password than to blow up your computer."

Hear more about what happened and didn't and why on this CNET podcast.