As predicted by PandaLabs (http://pandalabs.pandasecurity.com/archive/Don_1920_t-get-taken-in-by-the-Conficker-panic.aspx), Panda Security’s malware detection and analysis laboratory, the much-feared reactivation of the Conficker virus, forecast for 00:00h on April 1, has yet to cause massive infections.
According to Luis Corrons, Technical Director of PandaLabs, “The ultimate aim of the virus is to obtain money. With the alarm generated by the media attention, security vendors have been working to avoid a potentially widespread epidemic. Evidently though, if someone is going to steal money, they are not interested in being headline news. That’s why we believe that its creator is trying to find a new zero-day vulnerability to exploit in order to spread the infection, but at a moment when our guard is down, not when everyone is on the alert.”
At 00:00h on April 1, Conficker started to generate 50,000 new URLs from which, supposedly, the malware would be able to update itself to a new version, starting a massive series of infections. However, until now, no new versions or additional infections have been detected other than those already associated to the previously active variants.
“It is still possible that at any moment one of these URLs could be activated and the worm could download an update to its code or new malware. In any event, this would only affect users who are unprotected against Conficker, although there are still many of them”, says Corrons.
Although there has been much speculation as to why the creators are trying to draw attention to Conficker, “The reality of today’s malware is that it is created with a financial motive. At PandaLabs we believe that the cyber-criminals behind this worm are still aiming to infect as many unprotected computers as possible. This way, with a critical mass of infected computers, they can then start to profit by renting out the network for sending spam, downloading Trojans to steal data and other fraud, etc.”
Ironically, one of the main dangers associated with Conficker, as described on the PandaLabs blog (http://pandalabs.pandasecurity.com/archive/Chapter-2.-The-Conficker-countdown-melodrama_2E00_.aspx) is not the worm itself, but the fact that cyber-crooks are exploiting the notoriety of this malware to distribute other malicious code from domains ranked highly in Internet searches for the word ‘Conficker’.
To avoid falling victim to Conficker and other malicious code, PandaLabs advises: