Information concerning Conflicker - April's Fool Virus

Q. Does the worm begin being spread tomorrow, or is it already on the internet?

A. On April 1st the Conficker worm will simply start taking more steps to protect itself from detection - three variants are already "in the wild". The Conficker worm, sometimes called Downadup or Kido, has managed to infect a large number of computers. A PC may already be infected without any signs of problems. It is unlikely that 04/01, itself, will trigger a groundswell event, as the worm's authors prefer it to remain undetected.

Q. What does the Conficker worm do?

A. Most likely the worm will be used to create a botnet (automated program stealthily installed on the infected machine) that will be rented out to criminals who want to send SPAM, steal IDs and direct users to online scams and phishing sites. It finds a vulnerable computer, turns off the automatic backup service, disables many security services, blocks access to a number of security web sites and then tries to spread itself to other computers on the same network.

Q. How does the worm infect a computer - and might I already be protected?

A. The worm tries to take advantage of a vulnerability to quietly install itself. Users who automatically receive updates from Microsoft are already protected from this. PCs that have current AntiVirus from reputable vendors, and constantly updated thread-profiles, are minimally exposed. It spreads from other (infected) PCs on the same network - home or work - versus by visiting an inappropriate website or via clicking on an electronic greeting card.

Q: How do I know if I am infected, what do I do if I suspect that I am?

A: Within the workplace, updated AntiVirus and scanning products should assure continued safety from Conficker. On occasion, however, these products can fail to receive updates - perhaps blocked by another virus - and then become vulnerable: Generally any noticeable, sustained degradation in performance could be cause for concern.

Symantec AntiVirus