PC worm could strike on April Fool's Day
Its no joke that a potentially nasty virus lying dormant in millions of computers could be activated Wednesday - on April Fools Day.
From Microsoft to the Department of Homeland Security, precautions are being taken against the worm, known as Conficker.
A threat that potentially allows an individual to take over a computer is always of concern, said Amy Kudwa, a spokeswoman for Homeland Security, which Monday began offering state and local governments a tool to scan for the bug.Experts say its not clear just how much damage the virus might cause.
It can send out spam e-mail, it can do damage to discs, it can do anything, said Dan Scolnick, CEO of Computer Support of New York, a technology security firm. It could just say April Fools Day across every infected machine and thats it.
The worm enters a PC through a weakness in Windows and communicates with hundreds of Web addresses to get updates from its creator. Microsoft has been able to identify and dismantle many of those sites but on Wednesday, the worm is expected to choose from 50,000 IP addresses, too many to shut down. Wednesdays update could be D-Day for whatever Conficker has in store or it could just receive new marching orders that go unnoticed.
Microsoft is offering a $250,000 reward for information leading to whoever is responsible. The company also assembled a team of security experts who have been engaged in a frenzied cat-and-mouse game since October, trying to stay a step ahead of the worm, which has mutated several times.
It was designed to keep ahead of the anti-virus companies and Microsoft, said Joe Stewart, a member of the team, known as the Conficker Cabal.
Scolnick said that since he first heard about the virus months ago, he has installed security patches for his roughly 200 clients, most of which are city-based financial institutions.
Meanwhile, New York City sent out an alert Monday reminding its 200,000 users that Conficker whose name stems from the words traffic converter, embedded in the worms code might take some action Wednesday.
Were on alert, said Nick Sbordone, a spokesman for the citys information technology department.
Microsoft developed a patch last year to block Conficker, and those who regularly update Windows and use the latest anti-virus software are safe, experts say.
But those who have not been as vigilant could have a nasty surprise, said Carrie Tsui, of All Covered, a technology services firm in Manhattan.
Lets say youre one of those companies, where maybe you didnt patch or didnt have automatic patching, she said. Its Russian Roulette.
Frequently asked questions about the Conficker worm
Who may be impacted?
Conficker may attack the computer of any PC user who runs the Windows operating system and who hasnt been installing Microsofts security updates. The bug can infect any computer connected to the Internet without the user visiting any specific Web site.
How do I know if my computer is infected?
Commercially available anti-virus scanning software will be able to detect it. If you are unable to access Web sites for such software or for the Microsoft site, it may be a sign your computer is infected. Conficker blocks affected machines from contacting those sites.
What can I do to prevent an infection?
Enable the automatic updates setting on your computer or go to http://safety.live.com and run the free Windows Live OneCare safety scanner.
What should I do if my computer is infected?
An infected machine must be cleaned either by re-installing the Windows operating system or by contacting a computer specialist, who can run a de-bugging program. For more information, call Microsofts hotline at 1-866-727-2338.