Computer security experts say they expect a troublesome worm to become even harder to deal with on April Fools' Day. That's when the DownAD worm, also known as Conficker, is set to morph into an even harder-to-detect virus.
Much has been said about the DownAD worm and its enigmatic payload that will supposedly be unleashed on April 1st, Trend Micro said in a statement on its Web site. But online threat history tells us that trigger/activation dates of equally hyped malware have come and gone without much fanfare. Whether or not April 1 will play out to be D-Day indeed, the security industry will be keeping an eye out for any malicious activity — like it should.
Don't look for an explosive growth of the worm on April 1. In fact, the program is already lodged on millions of computers and networks worldwide. As security experts have worked to improve ways to detect and eradicate it, DownAD's creators have come up with more clever ways to avoid detection. On April 1, that plan goes into effect.
"Based on our collective technical analysis, we've determined that systems infected with the latest version of Conficker will begin to use a new algorithm to determine what domains to contact," Trend Micro said. "We have not identified any other actions scheduled to take place on April 1, 2009."
The latest variant, detected as the worm DownAD.KK and first detected on March 4, 2009, includes an algorithm to generate a list of 50,000 different domains. Five hundred of these will be randomly selected to be contacted by infected PCs beginning April 1, 2009 to receive updated copies, new malware components, or additional functional instructions.
Infected computers can download malware that can steal data or turn control of the infected computers over to hackers, who operate them remotely as a vast zombie computer army.
Some security experts say DownAD's real threat is its potential ability to harness the computing power of a botnet to crack passwords. Microsoft has modified its free Malicious Software Removal Tool to deal with DownAD, and the software company has offered a $250,000 reward for information leading to the conviction of those responsible for it.
Not only is the worm hard to detect, it's also hard to get rid of. Most victims are never aware their computer is infected. One way to tell if your computer has the worm is that it will prevent you from connecting with security firm Web sites like Symantec or Trend Micro, which have online tools capable of detecting and removing the virus.
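The symptom described above can be turned into a quick check: security vendor sites fail while ordinary sites still work. The following Python is an added example, not from the original article or any vendor tool; it assumes the blocking shows up at name resolution, and the host lists, control sites and verdict names are illustrative choices.

```python
import socket

# Assumed host lists: the two vendors the article names, plus neutral controls.
SECURITY_SITES = ["www.symantec.com", "www.trendmicro.com"]
CONTROL_SITES = ["www.example.com", "www.iana.org"]


def system_resolver(host):
    """Return True if the operating system resolver can resolve host."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def check_blocking(resolve=system_resolver,
                   security=SECURITY_SITES, controls=CONTROL_SITES):
    """Classify the lookup pattern; returns (verdict, blocked_hosts)."""
    control_ok = [h for h in controls if resolve(h)]
    blocked = [h for h in security if not resolve(h)]
    if not control_ok:
        # Nothing resolves: an outage or DNS fault, not selective blocking.
        return "no-connectivity", []
    if not blocked:
        return "no-blocking-seen", []
    if len(blocked) == len(security):
        # Controls work but every security site fails: matches the symptom.
        return "suspicious", blocked
    # Only some vendor sites fail: could be a vendor outage; recheck later.
    return "inconclusive", blocked


if __name__ == "__main__":
    verdict, blocked = check_blocking()
    print(verdict, ", ".join(blocked))
```

A "suspicious" verdict is a reason to scan the machine with an offline or removable-media tool, not proof of infection; a local firewall or DNS filter can produce the same pattern.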
"The FBI is aware of the potential threat posed by the Conficker worm. We are working closely with a broad range of partners, including DHS and other agencies in the U.S. government, as well as throughout the private sector, to fully identify and mitigate the threat," said Shawn Henry, assistant director of the FBI's Cyber Division.