Origins: Conficker.C (also known as Kido or Downadup) is the third iteration of a worm which first began slithering its way onto Windows-based PCs in November 2008, with each version growing more sophisticated than the last. Like many other forms of malware, after it has infected a target computer (by downloading a Trojan), it tries to prevent its removal by disabling anti-virus software and blocking access to security-related web sites.
The Conficker worm's purpose is to create a "botnet" of infected computers that can be controlled by Conficker's creators, allowing them to engage in such activities as stealing stored information from those computers, launching attacks against particular web sites, or directing infected machines to send out spam e-mails. Although no one is quite sure how many computers have already been infected by Conficker, estimates place the number upwards of a couple of million.
Beginning on 1 April 2009, infected computers will start attempting to "call home" (i.e., contact control servers in the botnet) in order to receive Conficker updates, which has led to claims that some apocalyptic cyber-event will occur on that date and result in millions of computers being wiped out or large portions of the Internet being disabled. Although no one really knows what's going to happen with Conficker on (or after) that date, security experts have opined that it likely won't be nearly as substantial as some of the wilder speculation would have it:
Security researchers say the reality is probably going to be more like what happened when the clocks on the world's computers turned to January 1, 2000, after lots of dire predictions about the so-called millennium bug. That is, not much at all.
"It doesn't mean we're going to see some large cyber event on April 1," Dean Turner, director of the global intelligence network at Symantec Security Response, said.
It's likely that the people behind Conficker are interested in using the botnet, which is comprised of all the infected computers, to make money by distributing spam or other malware, experts speculate. To do so, they would need the computers and networks to stay in operation.
"Most of these criminals, even though they haven't done something with this botnet yet, are profit-driven," said Paul Ferguson, an advanced-threats researcher for Trend Micro. "They don't want to bring down the infrastructure. That would not allow them to continue carrying out their scams."
In February 2009, Microsoft announced it had formed a partnership with other technology agencies to coordinate a response to Conficker and was offering a $250,000 reward for information leading to the arrest and conviction of those responsible for launching the Conficker code on the Internet. In October 2008, Microsoft issued a patch to close a vulnerability in Windows-based systems that could be used for a wormable exploit, and in March 2009 it published an alert with instructions and tools for stopping the spread of Conficker and removing it from infected systems.
Protect Yourself from the Conficker Computer Worm (Microsoft)