Conficker.C - The April Fool's Day Worm

Everyone is wondering what April 1st will bring when it comes to the Conficker.C Worm

As you may have remembered, Conficker Worm has been a serious epidemic ever since it affected millions of computers during the last few months. The newest variant, Conficker.C, is expected to start performing malicious actions on April 1st but researchers do not know what exactly will take place.

Currently one thing that has been determined and verified about Conficker.C is that it is hard-coded with the date of April 1st, April Fool's day. Security researchers expect that April Fool's day will be more than just a hoax when the Conficker.C worm starts to contact its controllers, which will give the worm instructions to carry out on infected computers around the world.

The original Conficker Worm and other previous variations such as Conficker B++, also known as Downadup or Kido, built a botnet mostly through the exploitation of the MS08-067 vulnerability in Windows. Since then Conficker has been upgraded to deviate past many roadblocks put in place to limit the spread of Conficker. Conficker.C adds these defensive measures so that it protects itself from detection and removal eventually affecting even more computers.

What else do we know about Conficker.C?

Conficker.C disables Windows Automatic Updates and the Windows Security Center. Other variants of Conficker, Conficker.A and Conficker.B, have been dissected and understood to the point where we know what malicious actions it performs. Many security firms are able to provide tools to effectively remove all variants of Conficker including Conficker.C because of the knowledge gained from Conficker.A and Conficker.B during the time that millions of computers were infected with this malevolent worm. Conficker.C is also known to detect and kill SysInternals' Process Explorer program and other search-and-destory programs such as SysClean. Knowing this has may prompt many computer users and experts to be certain that their security software is actively working.

On April 1st, Conficker.C is expected to contact about 50,000 domains and then start downloading either particular instructions or malicious files. It remains to be a mystery as to what the bots will do on this day. Conficker.C may have been able to spread by avoiding the DNS actions put in place to limit or stop the spread of Conficker.A and Conficker.B.

What are people doing now to prepare for April 1st when Conficker.C starts its malicious actions?

Many security firms are advising computer users to keep all software up-to-date including applying all patches and security updates for Windows from Microsoft. In addition, computer users are asked that they make sure that their security software is up-to-date and properly working. Because Conficker is known to disable security software or certain software updates, it may be best to actually make sure that your software is operating and not inactive.

Conficker.C is by far one of the most advanced computer malware infections mainly because no one is really able to crack it yet. Security firms are still clueless as to what Conficker.C will do and this alone makes Conficker.C a potentially dangerous worm that should not be taken lightly by anyone especially when April Fool's day rolls around.

What are your plans for April 1st - April Fool's Day? Will you be reading the latest information about Conficker.C or do you plan on sharing an April Fool's Day joke about your computer crashing because of Conficker? It may not be that funny if that really does happen.