Conficker: Why I can't tell you what it will do on April 1st

Filed Under: Malware


There's been a lot of media interest in the last few days regarding what the Conficker worm might do on April Fool's Day.

Well, here's the bad news. I'm afraid it's not possible for us to analyse any potential payload as it is not yet present in the Conficker code.

Some people have got rather confused as to what the April 1st deadline really means. The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.

So, setting the PC's clock forward to April 1st will not allow anyone to analyse the payload as it won't be available for download yet.

By the way, there is no guarantee that the download will happen on April 1st - it could happen on any day after that depending on when the authors choose to register a domain out of the 50,000 for each day.

Let's not forget that history has shown us that focusing on a specific date for an impending malware attack has sometimes lead to nothing more than a damp squib.

Of course, if you are infected by the Conficker worm now would be a very good time to download a free Conficker removal tool.

More information about Conficker:

* Image source: Jean et Melo's Flickr photostream (Creative Commons)

,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.