Is Conficker the start of the biggest botnet in history?

Machines infected by the Conficker worm may comprise one of the biggest networks of robot computers (botnets) in Internet history if security experts’ fears are proved correct. From midnight on 1 April, the Conficker program will start scanning thousands of websites for a new set of instructions telling it what to do next.

Conficker, also known among security experts as “Downadup”, was first discovered in November last year, being sold as part of a kit by a Chinese hacker. Since then, two variants have been spotted in the wild as the virus has gone on to infect more than 10m PCs.

Microsoft has offered a bounty of $250,000 (£176,000) for the identity of Conficker’s creator, who currently remains unknown. Usual methods of unpacking the virus code to examine its workings have been thwarted because the authors have encrypted it, using algorithms that render it almost uncrackable.

For more aspects of this story, see Conficker virus – deadly threat or April Fool’s joke.

Parliamentary computers infected by Conficker worm

The House of Commons internal computer network has been infected by the “Conficker” worm and has had to ban its users from attaching outside storage, such as USB memory sticks, in case it gets reinfected. An estimated 10 million PCs worldwide have also been infected and experts fear next week will see problems worsen. For more on this story, see the article House of Commons network hit by Conficker computer worm from guardian.co.uk.

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

  • Account lockout policies are being tripped.
  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  • Domain controllers respond slowly to client requests.
  • The network is congested.
  • Various security-related Web sites cannot be accessed.
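One way to check a single machine for the disabled-services symptom in the list above, as an added example that is not from the original article or from Microsoft. The short service names are an assumed mapping of the display names in the list, and which of them exist depends on the Windows version.

```powershell
# Added example, not from the article. The short service names are an assumed
# mapping of the display names in the symptom list; not every Windows version
# has all of them (ERSvc is XP/2003, WerSvc is Vista and later).
function Get-ConfickerSymptomService {
    [CmdletBinding()]
    param()

    $watch = [ordered]@{
        wuauserv  = 'Automatic Updates'
        BITS      = 'Background Intelligent Transfer Service'
        WinDefend = 'Windows Defender'
        ERSvc     = 'Error Reporting Service'
        WerSvc    = 'Windows Error Reporting Service'
    }

    foreach ($name in $watch.Keys) {
        # Query the local machine only; a missing service is reported, not flagged.
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue

        if (-not $svc) {
            [pscustomobject]@{
                Service = $name; Description = $watch[$name]
                StartMode = 'NotInstalled'; State = 'n/a'; Flagged = $false
            }
            continue
        }

        [pscustomobject]@{
            Service     = $name
            Description = $watch[$name]
            StartMode   = $svc.StartMode   # Auto, Manual or Disabled
            State       = $svc.State       # Running, Stopped, ...
            # The symptom in the list is "disabled", so flag on StartMode only.
            Flagged     = ($svc.StartMode -eq 'Disabled')
        }
    }
}

$report = Get-ConfickerSymptomService
$report | Format-Table -AutoSize

# Summarise any watched service whose start mode is Disabled.
$hits = @($report | Where-Object Flagged)
if ($hits.Count -gt 0) {
    Write-Warning ("{0} watched service(s) disabled: {1}" -f $hits.Count, ($hits.Service -join ', '))
}
```

A flagged service is a reason to investigate further rather than proof of infection, since an administrator or other software may have disabled it deliberately.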

For more information about Win32/Conficker.b, visit the following Microsoft Malware Protection Center Web page: http://www.microsoft.com/security/portal/Entry.aspx?Name=Win32/Conficker

Network managers can also stop Conficker from spreading by using Group Policy to create a policy that applies to all computers in a specific organizational unit (OU), site, or domain in their environment. For more details on this process, see Microsoft Help and Support Article ID 962007.