What do most researchers think will happen Wednesday? Nothing at all.
“The probability of a major [Conficker]-related event taking place on April 1 is really not very likely,” said Weafer of Symantec, in an e-mail today. “In reality, the author or authors probably didn’t intend for this malware to get as much attention as it has.”
SecureWorks’ Joe Stewart agrees. “If the author(s) of Conficker planned some massive update of malicious code, they certainly wouldn’t do it on the one day everyone is watching for it,” he said in a separate e-mail.
Other researchers have noted that because Conficker.c controls far fewer PCs than either of its predecessors — the majority were infected with Conficker.b — even if the hackers make a move on Wednesday, it will be minor.
How do I know if I’m already infected with Conficker.c? The easiest way is to try to reach some of the popular Web sites that Conficker blocks. If you can’t get to microsoft.com, symantec.com, mcafee.com and secureworks.com, it’s likely you’ve lost control of your computer to Conficker. (The complete list of all 114 domains that the worm blocks can be found in SRI International’s excellent analysis of Conficker.c.)
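The check described above can be scripted. The following is an added example, not part of the original article or any vendor tool: it treats a failed name lookup as "can't reach the site" and compares the four sites named above against control names. The control names and the `triage` and `system_resolver` helpers are assumptions made for illustration.

```python
import socket

# The four sites the article names as blocked by Conficker.
BLOCKED_BY_WORM = ("microsoft.com", "symantec.com", "mcafee.com", "secureworks.com")
# Assumption: control names that are not on the worm's block list; change as needed.
CONTROLS = ("example.com", "example.org")


def system_resolver(host):
    """Return True if the OS resolver can resolve host (no HTTP request is made)."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def triage(resolver=system_resolver, blocked=BLOCKED_BY_WORM, controls=CONTROLS):
    """Classify this machine using the article's "can you reach these sites" test.

    Returns (verdict, failed_names). The control names separate selective
    blocking (the behaviour the article describes) from an ordinary network
    or DNS outage, which would otherwise look like an infection.
    """
    control_ok = any(resolver(h) for h in controls)
    failed = [h for h in blocked if not resolver(h)]
    if not control_ok:
        return "inconclusive: no name resolution at all", failed
    if len(failed) == len(blocked):
        return "suspect: all listed security sites blocked", failed
    if failed:
        return "partial: some listed sites unreachable, check manually", failed
    return "no sign of blocking", failed


if __name__ == "__main__":
    verdict, failed = triage()
    print(verdict)
    for name in failed:
        print("  could not resolve:", name)
```

A "suspect" result is a reason to run one of the cleaning tools, not proof of infection; a local firewall or filtering proxy can produce the same pattern.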
I’m infected! What do I do? Run one of the many Conficker detection and cleaning tools to scrub the worm from your system. You can also use these tools to verify that your PC is, in fact, owned by the hackers.
Among your choices are removal utilities from F-Secure, McAfee (download “W32/Conficker Stinger”), and Symantec.
Note: If your system is infected, you won’t be able to reach these download sites from that PC (see the previous question). Instead, download the tool from a clean machine, stick it on a flash drive and transfer it to the infected box.
I think my PC’s safe so far, but what can I do to protect it from future infection? The first thing you should do is apply the MS08-067 patch that Microsoft issued last October.
Second, make sure your antivirus software is running and up-to-date. Third, apply this Feb. 24 patch from Microsoft, then disable Windows’ Autorun feature, which Conficker.b can abuse in its attempt to spread via USB devices like flash drives.