Fact Check


Information about the Conficker computer virus.

Published Mar 27, 2009

Virus:   Conficker


Origins:   Conficker.C (also known as Kido or Downadup) is the third iteration of a worm which first began slithering its way onto Windows-based PCs in November 2008, with each version growing more sophisticated than the last. Like many other forms of malware, after it has infected a target computer (by downloading a Trojan), it tries to prevent its removal by disabling anti-virus software and blocking access to security-related web sites, as well as stealing personal information by masquerading as an anti-virus product:

Conficker is now parading as an anti-virus program called Spyware Protect 2009. The worm takes users to a fake secuirty Web site, asks them to pay $50 for a spyware program that actually is the Conficker worm, then keeps your credit card information, to boot.

The Conficker worm's purpose is to create a "botnet" of infected computers that can be controlled by Conficker's creators, allowing them to engage in such activities as stealing stored information from those computers, launching attacks against particular web sites, or directing infected machines to send out spam

e-mails. Although no one is quite sure how many computers have already been infected by Conficker, estimates place the number upwards of a couple of million.

On 1 April 2009, infected computers started attempting to "call home" (i.e., contact control servers in the botnet) in order to receive Conficker updates,
a process which some claims held would produce an apocalyptic cyber-event on that date and result in millions of computers being wiped out or large portions of the Internet being disabled. In the event, nothing (obviously) momentous occurred on 1 April and infected machines received no updates, although security experts cautioned that didn't mean Conficker wasn't quietly engaging in same nefarious cyber-deeds on behalf of its masters:

But even though nothing dramatic happened, Roger Thompson, AVG Technologies' chief research officer, warned against blowing the worm off.

"We expect that they have achieved their aim of building a fairly bullet-proof botnet, and will now simply farm it, which means they'll probably harvest credit card numbers, bank accounts and identities from as many victims as possible, and then do it all again," he said.

In February 2009, Microsoft announced it had formed a partnership with other technology agencies to coordinate a response to Conficker and was offering a $250,000 reward for information leading to the arrest and conviction of those responsible for launching the Conficker code on the Internet. In October 2008, Microsoft issued a patch to close a vulnerability in Windows-based systems that could be used for a wormable exploit, and in March 2009 it published an alert with instructions and tools for stopping the spread of Conficker and removing it from infected systems.

The Conficker Working Group also offers a quick "Eye Chart" test that users can employ to determine if their PCs might have been infected by Conficker.

Additional information:  

    Protect yourself from the Conficker computer worm Protect Yourself from the Conficker Computer Worm (Microsoft)
    Conficker To-Do List Conficker To-Do List (PC Magazine)

Last updated:   1 April 2009


    Mills, Elinor.   "Conficker Time Bomb Ticks, But Don't Expect Boom."

    CNEt News.   25 March 2009.

    Potter, Ned.   "Conficker Computer Worm Threatens Chaos."

    ABC News.   25 March 2009.

    Prince, Brian.   "Conficker: The Windows Worm That Won't Go Away."

    eWeek.   25 March 2009.

    Prince, Brian.   "Conficker's 'Big Day' Passes Quietly, But Was it Really a Bust?"

    eWeek.   1 April 2009.

    Worthen, Ben.   "Conficker: Don't Believe the Hype."

    The Wall Street Journal.   26 March 2009.

David Mikkelson founded the site now known as snopes.com back in 1994.

Read More

a Member

Your membership is the foundation of our sustainability and resilience.


Ad-Free Browsing on Snopes.com
Members-Only Newsletter
Cancel Anytime