Origins: Conficker.C (also known as Kido or Downadup) is the third iteration of a worm which first began slithering its way onto Windows-based PCs in November 2008, with each version growing more sophisticated than the last. Like many other forms of malware, after it has infected a target computer (by downloading a Trojan), it tries to prevent its removal by disabling anti-virus software and blocking access to security-related web sites. It also steals personal information by masquerading as an anti-virus product:
Conficker is now parading as an anti-virus program called Spyware Protect 2009. The worm takes users to a fake security Web site, asks them to pay $50 for a spyware program that actually is the Conficker worm, then keeps your credit card information, to boot.
The Conficker worm's purpose is to create a "botnet" of infected computers that can be controlled by Conficker's creators, allowing them to engage in such activities as stealing stored information from those computers, launching attacks against particular web sites, or directing infected machines to send out spam e-mails. Although no one is quite sure how many computers have already been infected by Conficker, estimates place the number upwards of a couple of million.
On 1 April 2009, infected computers started attempting to "call home" (i.e., contact control servers in the botnet) in order to receive Conficker updates, a process which some claims held would produce an apocalyptic cyber-event on that date and result in millions of computers being wiped out or large portions of the Internet being disabled. In the event, nothing (obviously) momentous occurred on 1 April and infected machines received no updates, although security experts cautioned that this didn't mean Conficker wasn't quietly engaging in some nefarious cyber-deeds on behalf of its masters:
But even though nothing dramatic happened, Roger Thompson, AVG Technologies' chief research officer, warned against blowing the worm off.
"We expect that they have achieved their aim of building a fairly bullet-proof botnet, and will now simply farm it, which means they'll probably harvest credit card numbers, bank accounts and identities from as many victims as possible, and then do it all again," he said.
In February 2009, Microsoft announced it had formed a partnership with other technology agencies to coordinate a response to Conficker and was offering a $250,000 reward for information leading to the arrest and conviction of those responsible for launching the Conficker code on the Internet. In October 2008, Microsoft issued a patch to close a vulnerability in Windows-based systems that could be used for a wormable exploit, and in March 2009 it published an alert with instructions and tools for stopping the spread of Conficker and removing it from infected systems.
David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.