Conficker's activation deadline has passed without a big bang. Still, security researchers say that doesn't mean the threat posed by the Conficker worm is gone.
The Conficker worm's supposed doomsday deadline has passed quietly.
According to security vendors, so far there has been no dramatic activity.
"McAfee Avert Labs has been closely monitoring Conficker-related threats
and we haven't observed any significant activities on the domains that
it is polling for thus far," blogged McAfee researcher Shinsuke Honjo.
"Even so, please remain vigilant and watch this space for any further
updates to the current status."
Conficker.c was programmed to begin contacting command and control
servers in search of an update
starting at midnight GMT April 1. The worm generated a list of 50,000
pseudo-random domain names and selected a subgroup of 500 to contact.
Though that process has started, security researchers noted that the
actual update may not even come today.
"The most likely outcome on April 1 is denial-of-service conditions
resulting from increases in network bandwidth," opined Gartner analyst
John Pescatore. "The major risk of Conficker
is the ongoing threat that compromised PCs present to both enterprises and home users."
The current variants of the worm spread by exploiting a patched
Microsoft vulnerability as well as via network shares by logging on to
computers with weak passwords. The worm can also spread using removable
Experts have estimated that millions of computers are infected with
Conficker despite the Microsoft patch and a plethora of removal and
detection tools. The sheer number of compromised PCs could
constitute one of the largest botnets ever. But it still remains to be
seen what the minds behind the worm have planned.
"On the consumer side, you need to be attentive to your security
software and OS vendor updates and ensure that you are on top of them,"
advised Alfred Huger, vice president
of development at Symantec Security Response. "For the
enterprise, those same things are true, but additionally enterprises
should consider whether their security software is able to control
outside media being introduced into their environment without their