April 1 and Conficker

Next story

Information and Conficker Removal Tool.

No need to panic. But it´s good to know how to stay secured.

What is Conficker?

The worm's initial version in the end of 2008 contained a link to a domain known as the center for the spread of spyware and false anti-virus products. It exploits a known vulnerability in Windows OS, which only contributes to its spreading on a massive scale. The authors of the worm have programmed it to spread not only via the internet by exploiting vulnerabilities in the Windows OS, but also to propagate via exchangeable media. The worm is programmed in such a way as to be remotely controllable, once infected PCs become a part of a large botnet – a network of PCs used to send spam and/or other dangerous forms of malware. Computer security experts agree that Win32/Conficker.X, (also dubbed by some vendors as Conficker.C, Conficker.D, Downadup or Kido) poses even a greater threat than its predecessors.

Why April 1?

The new variant of Conficker is unique in that it is programmed to radically increase the number of internet domains the worm checks in to for instructions come April 1st. While the existing variants of the worm  check in to domains  numbering in the hundreds a day, after April 1st, this number is expected to climb dramatically to as much as 50, 000 a day. As yet, computer security experts do not have a clear idea as to the nature of the command for those PCs, which have already been infiltrated.

What capabilities has Win32/Conficker.X?

  • modifies DNS, blocking all tools  related to operating system security
  • blocks or terminates security software applications
  • has the ability to communicate within peer-to-peer network (P2P)
  • starting April 1st, 2009  it will check in for instructions from up to 50 000 domains a day

How to stay secured? 

Have updated Windows OS. Download Windows patches from the following sites - MS08-067 , MS08-068a MS09-001.Install ESET Smart Security 4 or ESET NOD32 Antivirus 4. Due to advanced heuristics used in a proccess of malware detection it detects and removes Conficker worm as well as other malware.
We recommend changing your system passwords to admin accounts (use a combination of letters and numbers)

Conficker Removal Tool

If your PC wasn´t secured and you´re not sure about its safety status, use our free scanning tool ESET Online Scanner. If it alerts you on Conficker worm please follow the instructions:

  1. Download an  one-off ESET application    (again, using a non-infected PC) which will remove the worm.
  2. Use an uninfected PC to download the respective Windows patches from the follow MS08-067 , MS08-068 a MS09-001
  3. Install ESET Smart Security 4 or ESET NOD32 Antivirus 4.
  4. Reset your system passwords to admin accounts using more sophisticated ones.


What could I expect after April 1?

The main goal of the authors of the worm is to construct and consolidate a botnet of unprecedented proportions that can be exploited for a massive attack against the internet infrastructure or for a mass-scale espionage.

ESET assumes that nothing dramatic will happen, but we will see change in the communication protocol of Conficker worm - instead of hundreds of domains, it´ll contact up to 50 000 domains.