Computer Worm to attack on April Fool’s Day

Rumors has it, the dreaded fast-moving computer that infected at least 3 million computers, is set to attack again on April 1, 2009.

The army of Conficker-infected machines, known as a “botnet,” could be one of the greatest cybercrime tools ever assembled. Conficker’s authors just need to figure out a way to reliably communicate with it.

Infected Machines need commands to come alive. So far, Conficker-infected PC’s have been trying to connect each day to 250 Internet domains. The hackers needs to get just one of those sites under their control to send their commands to the botnet. (The name Conficker comes from rearranging letters in the name of one of the original sites the worm was connecting to.)

Conficker has been a victim of its success, however, because its rapid spread across the Internet drew the notice of computer security companies. They have been able to work with domain name registrars, which administer Web site addresses, to block the botnet from dialing in.

Now those efforts will get much harder. On April 1, many Conficker-infected machines will generate a list of 50,000 new domains a day that they could try. Of that group, the botnet will randomly select 500 for the machines to actually query.

Microsoft recently issued a patch for the flaw targeted by the Conficker worm, and suggested the use of strong password to prevent much of the spread.

Damballa, a company focused on botnet detection, said Conficker was far from being a major problem in the typical enterprise.

“We do see Conficker compromises in enterprises, but they comprise a minority of the total number of compromises we see in these environments,” said Tripp Cox, vice president of engineering for Damballa. “The majority is the long tail of smaller botnets.”

According to virus researcher and anti-virus maker F-Secure Corp. The Conflicker worm does not affect Apple computers.