By Elinor Mills
Thursday, April 02 2009 09:20 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,62052774,00.htm

As expected, the Conficker worm failed to cause the digital pandemonium that some may have feared. So, can we all just go back to playing on Facebook and watching the game now?

Not really. Just because the worm failed to create much of a stir on the day it was set to activate, April 1, doesn't mean it won't wake up and act later.

"The (malicious) hackers can tell their worm to do something any day of the year; they're just as likely to do it tomorrow or next Wednesday or in August," said Graham Cluley, a senior technology consultant with Sophos.

Then why the April 1 message in the code?

Cluley says he doesn't know. "This was such an invisible change inside the code. It was inconsequential to the infected computer that maybe (the creators) didn't think there would be such a frenzy," he said.

Today, as on any day, PC users should make sure their systems are patched and running the latest security software. People should patch their systems to close the hole in Windows it exploits and update their antivirus software. The major antivirus vendors all have free Conficker removal tools.

The worm also can spread via network shares and removable storage devices like USB thumb drives. So users are advised to use strong passwords when sharing files on a network and to download a patch Microsoft released to address the Autorun feature problem in Windows that makes using removable storage risky.

Oh, and be careful about searching for Conficker removal software on Google. Scammers have managed to get fake security sites among the top searches, Cluley said. Bogus sites are designed to steal your credit card information and could install malware on your computer instead of a legitimate security program.

So, what is the intention behind the worm, anyway? Why all the fuss?

Like many other worms, it's likely the Conficker worm is designed to create a botnet that could be used to send spam, launch denial-of-service attacks to shut down Web sites or steal data from infected computers.

David Perry, global director of security education at Trend Micro, said he suspects that the worm creators will slice up the botnet and sell it to spammers via underground forums, like they did with the Storm worm.

"The funny thing is that everyone has these expectations that come to them from science fiction viruses. In the movies they blow up the terminal, tip over an oil tanker and bring aliens out of the sky," said Perry. "In reality, the kind of thing a botnet does is much less visible. It's a lot more insidious of them to steal your bank password than to blow up your computer."

Update 9:45 a.m. PDT Microsoft is offering a US$250,000 reward for information leading to the arrest of whoever is responsible for the Conficker worm, but this isn't the first time the company has done that. Microsoft launched its US$5 million Anti-Virus Reward program fund in 2003 and offered US$250,000 rewards each for the MSBlast worm, the Sobig virus, the MyDoom virus and the Sasser worm, but only ended up paying out on Sasser.

This article was first published as a blog post on CNET News.