Conficker Worm Due on April 1
With the Conficker due to return on April 1, experts are warning users to make sure that their security software is updated.
Others, however, face risk from a worm that's spread rapidly and without a clear indication of its purpose, they told InternetNews.com.
"It's important for users to apply the known, basic, common-sense steps to protect themselves, even in light of increasing and increasingly sophisticated attacks," said Jenko Hwong, director of security products for security appliance vendor Mirapoint. "Conficker.C and April 1st won't bring Armageddon."
"If you have a legal copy of Microsoft Windows, you have invested ... in antivirus software, or you pay your service provider for secured Internet access -- most likely you are safe," said Ron Meyran, product manager for security for application delivery and network security vendor Radware. "The same applies for enterprise networks: Your corporate policy should cover such cases."
Nevertheless, the worm has still managed to spread widely. David Perry, global director of education at antivirus firm Trend Micro, told Internetnews.com several months ago that he believes about 10 million PCs have been hit.
Many of the infected PCs are inadequately defended. "If you run an illegal copy of Windows, your antivirus (if any) is a freeware, you are a DSL or cable subscriber and you never disconnect -- then you are the ideal target for self propagating viruses such as Conficker," Radware's Meyran said.
"And it will not be he first time your computer is recruited into a botnet, he said. "In fact, there is a good chance that you already host malware of more than one botnet."
Owners of many infected PCs won't know they're infected until April 1, added Trend Micro's Perry. "It's hard to spot Conficker's work."
Experts don't know what the worm will do on April 1, but they have some educated guesses. Tal Golan, founder and CTO of antispam appliance vendor Sendio, said that the worm will likely send out e-mail containing spam or malware, but that the e-mail will be a "smoke screen masking the real targets of the worm or virus."
All of the experts that InternetNews.com contacted agreed that Conficker's spread shows that many organizations are not up to date on their patches: The worm exploits a well-known vulnerability, published by Microsoft on Oct. 23, 2008. Anyone who applied the necessary patches since then is safe.
Security experts urged users who suspect they're infected to scan their PCs. Trend Micro's Perry recommended using security software based in the cloud, such as his company's Trend Micro Smart Protection Network for enterprise users. The company also offers a Web-based scanning service called House Call for home users.
Radware's Meyran said that one sign you're infected could be if some Windows system services have been disabled on your PC
The worm might be visible to any user: "It connects to a remote server in order to receive further instructions such as gathering personal information and downloading additional malware to the victim's computer. It also disables a number of system services such as Windows Automatic Update, Windows Security Center and Windows Defender -- all to prevent disinfection."
This article was first published on InternetNews.com.