Conficker Part II: we’re not trying to beat a dead horse here, nor be fearmongers; our goal is to manage risk realistically. Conficker was set to go active on April 1st, but not a lot happened. Infection estimates tended toward the millions, as high as 15 million. That’s a sleeping bear that you likely don’t want to stir. Now that we are a bit further into April and the thaw is upon us, the hibernation appears to be over, even if the only result is a still-sleepy bear, rubbing his eyes with a big yawn and wandering out of his cave. As though part of a bad April Fools’ prank, Conficker appears to be starting to stir: security researchers report that it is just beginning to send out a payload to infected hosts that, while heavily encrypted, is reported to likely be logging keystrokes and designed to steal personal information.
Because Conficker can communicate with other infected hosts and download updates to itself (in the form of new payloads), it can morph into a new virus that does more damage to a system or is used for distributed attacks against larger environments. Because Conficker disables anti-virus software and Windows Automatic Updates, the best fix is to download and run a tool designed for the task. You can download a free removal tool at Sophos.com.
