Tuesday, March 31, 2009

Worried about Conficker worm? Experts say, 'Don’t panic'

By Mass High Tech staff

Video Gallery

Google's Summer of Code

The Murphy brothers' software-selling family tree

Rodney Brown on NECN: Hacking into medical devices

Related News

Microsoft, TomTom settle IP lawsuits [March 30, 2009]

Former FAST execs launch startup Induct [March 10, 2009]

Digital Reef surfaces out of stealth mode [March 2, 2009]

Microsoft’s NERD campaign begins [February 16, 2009]

New England spared in Microsoft’s job cuts [January 22, 2009]

The latest tool in the hackers’ attack on corporate computing is the so-called Conficker worm, which is set to be triggered in any infected computer tomorrow, April Fool’s Day. While the media has latched onto it as possibly the next Y2K, the reality is, it is not panic-worthy.

While the worm — also known as W32.Downadup — is considered a medium-level threat according to Sophos PLC’s website, it could possibly open up any Windows-based computer running Windows 95 through Vista to infection by other, possibly more serious problems, including making the computer a slave in a bot net, making it send out spam and malware to other computers to become infected.

The worm has been known about for at least six months, and all of the major PC security software firms — Sophos, Symantec Corp. and Kaspersky Lab Inc., among others — have removal tools easily available for download from their websites. There is even an official “Conficker Cabal” created to counter the effects of the worm. Among its founding members are Microsoft Corp., AOL LLC, Symantec and Lexington’s own Arbor Networks Inc.

Most security experts believe Conficker is an elaborate April Fool’s prank, said Roel Schouwenberg, senior research engineer at Kaspersky — an explanation the virus researcher finds doubtful.

“There is potential for these guys to do anything, pretty much,” Schouwenberg said. “They will use (their bot net), otherwise, they wouldn’t have gone to the trouble of getting part of it back.”

Kaspersky, with its U.S. headquarters in Woburn, was part of the Conficker Working Group, which stymied an original version of the worm’s bot net earlier this year. Conficker attackers worked hard to create a second version of the virus that would partially circumvent the working group’s tactics, Schouwenberg said. However, because of how well-known the worm is, experts say it is not a bigger threat than what most people face daily on a PC.

“People don’t need to be much more concerned about this than they need to be about any other viruses,” said Richard Wang, the Burlington-based manager of SophosLabs U.S., the research division of Sophos PLC.

And tomorrow isn’t really the day to be worried about, Wang said. “The date of April 1 is not necessarily the day that Conficker will do anything — it is the first day on which it might do anything. The criminals behind it may update it on the 10th of April, or the 1st of May.”

“Conficker itself is pretty well-known to the security community, so if you have security tools installed you are probably safe. If you want to go to a site and get a free removal tool, by all means do so but make sure your are going to a reputable site,” Wang said. “Go to one of the major (anti-virus) vendors — our own site or one of the others.”

For the latest tools and techniques to combat the worm, go to www.downadup.com.