Virus to erupt in PCs April 1


By Nick Lewis

Published in The Calgary Herald and Edmonton Journal on March 26, 2009

It's a malicious virus that could attack computers on April Fool's Day, and it's no laughing matter to the millions of people who could be affected.

The Conficker C Internet worm is a brand-new, sophisticated computer virus that latches onto Windows PCs via unreliable websites and infected downloads. It exploits weaknesses in Microsoft's operating system and conceals itself on a hard drive, lying dormant until April 1 when it will "call home" and search for new instructions from its originator, say Internet experts.

While hundreds of computer viruses have been unleashed and eliminated since the 1980s, what's scary about Conficker C is that no one knows what it does or what it intends to do. It may prove to be the world's biggest April Fool's joke, or it could have the potential to take over your machine and steal all your personal data.

"Somebody thinks this is funny, but we certainly don't," says Byron Holland, president and CEO of the Canadian Internet Registration Authority.

Launched in October, the worm works in two stages, the second of which is expected to commence on April 1.

"The first stage is to go out and infect as many unprotected computers as possible," Holland says. "The next stage is for that whole network of computers, what we called a 'botnet,' to try to reach out and communicate with a centralized command and control centre which will give it some direction."

To hide its tracks, the worm creates a list of tens of thousands of domain names, any of which could become a command and control centre.

"By creating that large list, it makes it harder for those of us in the security community to really isolate the command and control centre," Holland says. "We don't know who's behind it and as a result, we don't know their intent."

Once a computer is infected with Conficker, it can be controlled by the creator of the worm. The infected computers are used to send spam to millions of other Internet users or to directly send the virus to other computers. The infected computers form a botnet, and this network can then be used to gather personal information--anything from your personal browsing history to your credit card numbers.

"There's some claims that it could be a pretty serious worm," says Stuart Crawford, VP at Calgary-based IT firm, Bulletproof InfoTech. "It could call home and install something potentially serious. Or it could all be a dark April Fool's joke just to leave everyone on edge. We have no idea."

Because this worm wiggles across the World Wide Web, Calgary's PC users are just as at risk as any others.

"Because of the connected, global world we live in, no computer user anywhere is any more or less susceptible to these viruses," Crawford says. "They may originate in one area, but it doesn't take long to spread via the Internet."

The program does not infect Macintosh or Linux-based computers. An estimated 12 million Windows-based PCs around the world are already hosting the worm since its launch in October. Microsoft has since offered a reward for any information leading to the capture of the worm's originator.

"Every system has their vulnerabilities, but people write viruses to attack Microsoft systems because they have 90 per cent of the market share, giving any virus a more damaging effect," Crawford says. "Why bother writing software when it affects only a niche audience?"

While in its early stages it was possible to identify and erase the Conficker worm with commercially available antivirus tools, Conficker C, its third and latest version, supposedly removes those preventive programs and turns off Microsoft's security update service.

The program also opens holes in firewalls in an attempt to improve communication with other infected computers. Pirated versions of the Windows operating system, many of which are in use in the developing world, are especially at risk.

"This is a smart worm," says Holland. "We worked with our international colleagues to reverse-engineer the code, that's how we know when it will be deployed as well as what domains it will be hitting.

"Fundamentally, the challenge lies with unprotected computers, computers that either have older or out-of-date operating systems that are not updated, or pirated versions of the operating system that don't get updated."

The good news for PC users running retail versions of Windows is that the virus is preventable with a downloadable security patch from Microsoft.

Crawford, who has 15 years of experience in information technology, says now is the time to update and protect your PC.

"Most people get that annoying message that pops up asking them to update their antivirus software, and they dismiss it and never get around to it," he says. "If the patches haven't been applied, your vulnerability is much greater."

If you'd like to download the latest Microsoft patch to protect your Windows-based machine, visit technet.microsoft.com. For more information on the Conficker C virus, visit Bulletproofitblog.ca.
