Two years after it first appeared, the Conficker worm still poses a threat even though it has been relatively quiet as of late. Since it first emerged, the Conficker Working Group, a team of experts who collectively work to fight the Conficker worm, has had its hands full. While the team has done an admirable job of stifling Conficker’s impact, Conficker continues to lurk in the background.
Conficker is botnet malware that infects a computer when it is downloaded from the Internet or copied from a mass storage device that carries a copy. What makes Conficker especially dangerous is its flexibility. Unlike most other malware that just uses a host computer to send spam or steal personal information, Conficker can be instructed to do a variety of things.
Thus far, no one has used the Conficker botnet to carry out any massive attacks. However, its author is still unknown, and the mechanism that would enable someone to seize control of the Conficker botnet is still out there somewhere. Given that the Conficker botnet consists of millions of computers, any attack using the botnet could be devastating.
All evidence seems to suggest that Conficker’s author is a malware expert. He or she has constantly made improvements to Conficker’s code, repeatedly putting obstacles in the way of the Conficker Working Group. Thus far, Conficker exists in several variants and has spread quite rapidly. Seven million government, business, and home computers in over 200 countries have reportedly been under Conficker’s control.
Further complicating things, Conficker is subtle. Because it is not the kind of malware that causes immediate problems for its victims, most users with infected computers don’t notice that their computers have been compromised, which is probably by design. As many malware authors have learned, the malware business is often a matter of finding an optimal balance between stealing as many computer resources as possible and not getting reported. Conficker’s author has apparently operated under this notion and perhaps was the first to prove the theory on such a large scale.
There is some good news surrounding Conficker though. Some reports suggest that Conficker is fading, having dropped from first to third on one computer security firm’s global top ten threats report in January. Also, it’s reassuring to know that it’s possible to remove Conficker from infected PCs. Running a reliable antivirus program from a CD rather than from the computer’s own hard drive typically does the trick. Alternatively, doing a “clean install” of a system may also be effective, but you’ll lose data that isn’t backed up. Finally, if you first want to find out if your computer is infected, you can perform this simple test.