Conficker Virus: Next Update, Attack April 1st

Dennis Faas's picture

According to security researchers, the Conficker worm virus -- which has infected millions of machines since its discovery in October 2008 -- is set to wreak havoc next Wednesday, April 1st.

The problem is that nobody is sure exactly what the worm will do.

At the moment the virus, which exists in at least three different 'strains', does not actually do anything other than attempt to spread further across the webosphere.

Secret Methods of Communication

All that's known at the moment is that on April 1st, PCs already infected with Conficker will contact a random website for instructions on what to do next. Conficker's creators have set up a secret system of communication which tells the virus which website to visit for the update, but virus researchers don't know which site it will be.

At the moment it appears that next week's 'phoning home' will use a total of 500 random website addresses from a potential list of 50,000 sites. That's because the system creates random website addresses, which the people behind the website buy up shortly beforehand.

Airline Targeted By Mistake

The system has already hit one glitch: it randomly created an address belonging to Southwest Airlines which forwarded to its main website. Fortunately the firm was able to temporarily disable the forwarding feature before millions of infected computers brought its servers down.

Though security researchers believe they've figured out how the virus phones home (so to speak), the numbers make it impractical to continue with the original tactic of buying up all the potential addresses before the hackers strike.
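To put numbers on why that tactic stops working, here is an added worked example (not part of the original article) using the 500 and 50,000 figures quoted above. It assumes each infected PC picks its 500 addresses uniformly at random and without repeats from the 50,000 candidates, and computes how likely a PC is to try at least one address that defenders have not registered; the function names are illustrative.

```python
from math import comb

POOL = 50_000    # candidate addresses (figure from the article)
QUERIED = 500    # addresses each infected PC tries (figure from the article)

def leak_probability(unclaimed, pool=POOL, queried=QUERIED):
    """Chance one infected PC tries at least one address defenders do not hold.

    Assumption (not from the article): each PC picks its `queried` addresses
    uniformly at random, without repeats, from the `pool` candidates.
    """
    if not 0 <= unclaimed <= pool:
        raise ValueError("unclaimed must be between 0 and pool")
    # P(every tried address is defender-held)
    #   = C(pool - unclaimed, queried) / C(pool, queried)
    return 1 - comb(pool - unclaimed, queried) / comb(pool, queried)

def max_unclaimed(max_leak, pool=POOL, queried=QUERIED):
    """Largest number of addresses defenders can leave unregistered while the
    per-PC leak probability stays at or below `max_leak` (binary search,
    valid because the probability only grows as more addresses are left)."""
    lo, hi = 0, pool
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if leak_probability(mid, pool, queried) <= max_leak:
            lo = mid
        else:
            hi = mid - 1
    return lo

def report(levels=(0.05, 0.25, 0.50)):
    """For each tolerated leak level: (level, addresses left, addresses held)."""
    rows = []
    for level in levels:
        gap = max_unclaimed(level, POOL, QUERIED)
        rows.append((level, gap, POOL - gap))
    return rows

if __name__ == "__main__":
    for level, gap, held in report():
        print(f"leak <= {level:.0%}: may leave {gap} unclaimed, "
              f"must hold {held} of {POOL}")
```

Under that assumption, leaving even a few dozen of the 50,000 addresses unregistered gives each infected PC roughly even odds of trying one of them, so partial coverage buys very little.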

What Happens Next?

The worst-case scenario is that the virus will either attempt to steal personal data from infected machines, or cause some other sort of damage. However, security researchers say this is unlikely as this would risk weakening the overall network of infected machines which the virus creators have built up.

Another possibility is that the machines might be set to intentionally contact website addresses that are known to be active in an attempt to crash the servers and bring the site down through a Distributed Denial of Service (DDoS) attack.

But while nobody should be complacent, there are a couple of reasons to remain calm.

It's possible that the April 1st schedule is a bluff and that the virus itself isn't capable of doing anything other than spreading. Another possibility is that anything the virus does at this stage will simply be a small demonstration that it works as designed. This would likely be the case if, as many have speculated, the virus creators are more interested in selling access to the network of infected machines to the highest bidder.

How to Prevent and Remove Conficker

If you are worried you might have the Conficker virus, there are free tools from Microsoft and BitDefender which may be able to remove it.
