Whatever Happened to the April Fool's Day Worm?
The Conficker worm first appeared last fall and by February had infected perhaps 9 million computers worldwide, shutting down their access to security Web sites and disabling installed security software. The worm looked primed to deliver another nightmarish payload on April 1—a notoriously active day for hackers, and what appeared to be an activation date embedded in a recent iteration of the worm.
But April 1 came and went, with no major disasters. It turns out that nobody needed to worry about April Fool's Day problems. Instead, they needed to worry about April 7 and 8.
On April 7, Trend Micro researchers noticed that the worm was beginning to spread via peer-to-peer networks. It's not clear what it was doing, but David Perry, the global director of security education here at Trend Micro, said he suspected it was either a keylogger program or some other program intended to steal data.
One of the reasons it's difficult to know exactly what Conficker is up to is that it's heavily encrypted and hiding behind a rootkit. We know that it tries to connect to a variety of popular websites, including MySpace, AOL.com, CNN.com, and a few others, in order to make sure the infected computer is hooked up to the Internet. We also know that it was supposed to shut down on May 3 after deleting all traces of its presence.
Our researchers continue to keep a very close eye on the DOWNAD/Conficker worm. Check out the TrendLabs Malware blog for important ongoing updates.
Trend Micro needs your help! Instead of just guessing what new products you'd like to see or how we might improve our users' experience, we're taking the question straight to you and other Trend Micro customers. If you've got opinions, we'd love to hear them—and to prove it, we've got a $50 American Express gift certificate waiting for you.
Read more >