31 March 2009
The Conficker worm is programmed to generate a fresh list of candidate domain names every day (50,000 a day in the Conficker.C variant), and on April 1st infected machines will start querying those domains to call home to the authors for further instructions. However, as Joe Stewart explains, this does not mean there will be a computer meltdown on April 1.
Here’s why you shouldn’t fear the worm’s activation date:
Conficker.C is already able to receive updates via its P2P protocol today, so focusing on the April 1st date is misguided.
Don’t underestimate the reach of the Conficker Working Group. These are the security industry’s heavy-hitters, and you can be sure they are working diligently to mitigate the domain issue.
Even though there are 50,000 domains a day to look at, they are being closely monitored, and if any malicious servers do appear on them, they will likely be taken down or null-routed very quickly.
If the author(s) of Conficker planned some massive update of malicious code, they certainly wouldn’t do it on the one day everyone is watching for it.
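The reason the daily domain list can be "closely monitored" at all is that a domain generation algorithm is deterministic: anyone who has reverse-engineered the sample can run the same algorithm for any future date and precompute the names before the worm ever asks for them. The example below, added here and not taken from the article, from Joe Stewart or from the SRI report, shows that principle with a toy date-seeded DGA of my own (not Conficker's real algorithm, whose constants and TLD list are different) and a defender-side check that flags DNS queries against a precomputed watchlist. The TLD list, the `APRIL_FIRST` date and the DNS log lines are all constructed for illustration.

```python
"""Toy date-seeded DGA plus a defender-side watchlist check.

Illustrative only: this is NOT Conficker's actual algorithm. It exists to show
why a deterministic, date-seeded generator lets defenders enumerate the same
domains the malware will query, ahead of time.
"""
import datetime
import hashlib

# Assumption: a short illustrative TLD list (the real worm used far more).
TLDS = ["com", "net", "org", "info", "biz", "cc", "ws"]

# Constructed date used by the demo and the checks below.
APRIL_FIRST = datetime.date(2009, 4, 1)


def generate_domains(day: datetime.date, count: int = 500) -> list[str]:
    """Derive `count` candidate domains for `day`.

    Seed is the ISO date; each domain comes from SHA-256(seed || index).
    Whoever knows the algorithm and the date, attacker or defender, gets
    exactly the same list.
    """
    seed = day.isoformat().encode()
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        length = 4 + digest[0] % 6                      # 4..9 character label
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        tld = TLDS[digest[-1] % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def build_watchlist(start: datetime.date, days: int,
                    count: int = 500) -> dict[str, datetime.date]:
    """Precompute the domains for `days` consecutive days (domain -> day).

    A defender runs this in advance to register, sinkhole or watch the names.
    """
    watch: dict[str, datetime.date] = {}
    for offset in range(days):
        day = start + datetime.timedelta(days=offset)
        for name in generate_domains(day, count):
            watch.setdefault(name, day)
    return watch


def flag_queries(log_lines: list[str],
                 watchlist: dict[str, datetime.date]) -> list[tuple[str, str, str]]:
    """Return (timestamp, client, qname) for queries that hit a DGA domain.

    Expects constructed lines of the form '<timestamp> <client-ip> <qname>'.
    Malformed lines are skipped; qnames are normalised (trailing dot, case).
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, qname = parts
        qname = qname.rstrip(".").lower()
        if qname in watchlist:
            hits.append((ts, client, qname))
    return hits


def demo() -> list[tuple[str, str, str]]:
    """Run the check over a constructed DNS log (not real traffic)."""
    watch = build_watchlist(APRIL_FIRST, days=3)
    dga_domain = generate_domains(APRIL_FIRST)[0]
    log = [
        "2009-04-01T00:00:05Z 10.0.0.12 www.example.com",
        "2009-04-01T00:00:06Z 10.0.0.12 time.windows.com",
        f"2009-04-01T00:00:07Z 10.0.0.37 {dga_domain.upper()}.",
        "garbled line",
    ]
    return flag_queries(log, watch)


if __name__ == "__main__":
    for ts, client, qname in demo():
        print(f"{ts} {client} queried DGA domain {qname}")
```

The asymmetry this illustrates is the one behind reasons 2 and 3 above: the worm only needs one of the day's names to resolve to a live server, so a defender has to cover all of them, but because the list is computable in advance the coverage can be arranged before the day arrives rather than chased after the fact.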
For the best analysis of what Conficker is — and isn’t — read this detailed analysis by SRI International.