
Conficker 3.0: April Fool's joke or serious security threat?

This article was published in Scientific American’s former blog network and reflects the views of the author, not necessarily those of Scientific American





It could be just another April Fool's joke, but just in case, security experts are warning Microsoft Windows users that the creators of the Conficker computer worm may launch a new campaign tomorrow to infect as many PCs as possible with their malicious software. This third generation of Conficker—the worm has been on the loose since November and has infected nearly 15 million computers—is expected to use new methods of spreading that security pros have yet to completely block.

The latest version of Conficker (which has various aliases, including Conficker.D, Conficker.C or Downadup.C) snuck onto computers already infected by one of its predecessors. According to Microsoft's Security Response Center Web page, this new version, which the company refers to as Conficker.D, does not spread by attacking new systems. Conficker.D does, however, have a new "peer-to-peer" updating capability that could enable infected systems to spread or receive instructions from those controlling the worm (its creators remain at large). Those instructions could be to steal info from infected computers or generate large amounts of spam e-mail that could clog the Internet and slow its performance, according to a Web posting by the Conficker Working Group, a team of computer security specialists formed by Microsoft, the Internet Corporation for Assigned Names and Numbers (ICANN), and various security software makers to keep the worm from spreading.

The worm has already infected the French Navy computer network Intramar, the U.K. Ministry of Defense and Great Britain's House of Commons, among others. Like a computer virus, a worm is a software program that can travel over a network and enter a computer through a flaw in that computer's software or operating system. Unlike a virus, a worm can automatically copy itself from one computer to another.

A common worm behavior is to raid the address book on a user's computer and send out copies of itself via e-mail to all contacts in it. This mass e-mailing not only spreads the worm, it also clogs networks, making them sluggish.

As with any infection, the best way to protect oneself is to avoid getting it in the first place. Microsoft and its competitors sell a variety of security software to patch holes in Windows and other programs. Other measures to protect against Conficker and other worms include setting up a firewall that screens information entering your computer from the Web and avoiding e-mail attachments if it's not clear where they came from or what they'll do when opened. If a worm does wriggle its way into a computer, it has the ability to lock users out of that computer, disable security software already installed on the computer, and/or block users from accessing Web sites that sell security software.

It's a mystery who unleashed Conficker on the world, but CNET reports that Vietnamese security firm BKIS says it has clues suggesting the worm may have originated in China. BKIS claims to have spotted similarities between Conficker's code and that of the 2001 Nimda worm, which the company believes was made in China. There were earlier rumors that it might have hailed from Russia or Europe, according to CNET.

Some Internet security firms point out that no one actually knows what Conficker will do on April 1, so there's no reason to act as though the sky is falling. According to a blog earlier this month by Boston-based security firm Sophos Plc., "It's quite possible that Conficker will not do anything significant on April 1st. Certainly it won't be 'deadly' and your computers won't melt."

The FBI today issued a statement about Conficker indicating the agency will be on alert to "fully identify and mitigate the threat" and warning the public not to fall for spam e-mails that might unleash the worm on their computers.

Image ©iStockphoto.com/ Baris Onal

Larry Greenemeier is the associate editor of technology for Scientific American, covering a variety of tech-related topics, including biotech, computers, military tech, nanotech and robots.
