Origins: Conficker.C (also known as Kido or Downadup) is the third iteration of a worm which first began slithering its way onto Windows-based PCs in November 2008, with each version growing more sophisticated than the last. Like many other forms of malware, after it has infected a target computer (by downloading a Trojan), it tries to prevent its removal by disabling anti-virus software and blocking access to security-related web sites, as well as stealing personal information by masquerading as an anti-virus product:
Conficker is now parading as an anti-virus program called Spyware Protect 2009. The worm takes users to a fake security Web site, asks them to pay $50 for a spyware program that actually is the Conficker worm, then keeps your credit card information, to boot.
The Conficker worm's purpose is to create a "botnet" of infected computers that can be controlled by Conficker's creators, allowing them to engage in such activities as stealing stored information from those computers, launching attacks against particular web sites, or directing infected machines to send out spam e-mails. Although no one is quite sure how many computers have already been infected by Conficker, estimates place the number upwards of a couple of million.
On 1 April 2009, infected computers started attempting to "call home" (i.e., contact control servers in the botnet) in order to receive Conficker updates, a process which some claims held would produce an apocalyptic cyber-event on that date and result in millions of computers being wiped out or large portions of the Internet being disabled. In the event, nothing (obviously) momentous occurred on 1 April and infected machines received no updates, although security experts cautioned that didn't mean Conficker wasn't quietly engaging in some nefarious cyber-deeds on behalf of its masters:
But even though nothing dramatic happened, Roger Thompson, AVG Technologies' chief research officer, warned against blowing the worm off.
"We expect that they have achieved their aim of building a fairly bullet-proof botnet, and will now simply farm it, which means they'll probably harvest credit card numbers, bank accounts and identities from as many victims as possible, and then do it all again," he said.
In February 2009, Microsoft announced it had formed a partnership with other technology agencies to coordinate a response to Conficker and was offering a $250,000 reward for information leading to the arrest and conviction of those responsible for launching the Conficker code on the Internet. In October 2008, Microsoft issued a patch to close a vulnerability in Windows-based systems that could be used for a wormable exploit, and in March 2009 it published an alert with instructions and tools for stopping the spread of Conficker and removing it from infected systems.