Wednesday, April 1, 2009

PC users brace for attack by Conficker worm

By Hiawatha Bray
Globe Staff / April 1, 2009

Today may see the beginning of a global online crime wave - or the biggest April Fool's Day joke in Internet history.

It all depends on what happens to as many as 15 million personal computers that could be infected with an insidious worm called Conficker. On April 1, these machines are supposed to receive new instructions from the worm's creators via the Internet. And computer security experts don't know what to expect.

"There's just no way to tell," said Fred Rica, who oversees the computer threat and vulnerability management practice at PriceWaterhouseCoopers LLP in Florham Park, N.Y. There might be a surge in spam e-mails or digital attacks on major Internet sites, or, said Rica, "it could be a nonevent."

First spotted in November 2008 by computer security researchers, Conficker attacks computers running Microsoft Corp.'s Windows XP or Vista operating systems. Conficker is made possible by a security flaw in the Windows software that allows an infected machine to spread the worm to other Windows computers through the Internet. Microsoft issued a fix for the problem months ago, but millions haven't installed it. Conficker can also be spread by infected removable disks or USB drives. If a machine is already infected, getting a cure can be difficult, because Conficker will block the computer from visiting websites that provide antivirus products.

Computer security experts say Conficker has infected relatively few US computers. It's mainly attacked machines in countries like China and India, where millions use unauthorized copies of Windows. Microsoft does not provide automatic security updates for pirated software.

But Richard Wang, manager of Sophos Labs US in Burlington, a major computer virus research center, said Conficker-infected machines in other countries could have a big impact in America. "You don't have to be infected by Conficker to receive the spam it sends," Wang said.

Conficker has already drawn blood. It forced the French Navy to ground some of its fighter planes and tainted so many desktop computers at the British Ministry of Defense it took two weeks to repair the damage. And this happened even before the worm went active.

Computer researchers who analyzed the Conficker code found that infected machines are supposed to contact remote servers over the Internet on April 1, and download a set of instructions. But only the unknown vandals who created Conficker know what these instructions will be.

The experts fear that Conficker will transform the infected machines into a "botnet" - a remote-controlled computer network that could launch digital attacks on major online services or crank out billions of spam e-mail messages. Or the Conficker masterminds might order the computers to do nothing at all - at least, not yet. After April 1, the infected machines will keep trying to download new instructions every day. So a wave of Conficker-related cybercrime may not strike for days, weeks, or months.

"The whole date of April 1 has been blown a bit out of proportion," said Wang. "Focusing on a single day is really not the answer to this kind of security problem."

Instead, Wang said that computer users must consistently use good security practices. Windows computers should be set to automatically download and install the latest security patches, and users should always run an up-to-date antivirus program.

Those who suspect that their machines have already been infected with Conficker may not be able to directly download a program to remove the worm, because Conficker can prevent this. They should use a different computer to download a removal program, and then install and run this program on the infected machine.

Removal programs are available at the website of Microsoft Corp. and major antivirus software makers like Symantec Corp., Sophos PLC, and McAfee Inc.

Hiawatha Bray can be reached at bray@globe.com.
