Conficker Worm Deadline Passes Quietly - So Far

Conficker's activation deadline has passed without a big bang. Still security researchers say that doesn't mean the threat posed by the Conficker worm is gone.

The Conficker worm's supposed doomsday deadline has passed quietly.

According to security vendors, so far there has been no dramatic activity.

"McAfee Avert Labs has been closely monitoring Conficker-related threats and, we haven't observed any significant activities on the domains that it is polling for thus far," blogged McAfee researcher Shinsuke Honjo. "Even so, please remain vigilant and watch this space for any further updates to the current status."

Conficker.c was programmed to begin contacting command and control servers in search of an update starting at midnight GMT April 1. The worm generated a list of 50,000 pseudo-random domain names and selected a subgroup of 500 to contact. Though that process has started, security researchers noted that the actual update may not even come today.

"The most likely outcome on April 1 is denial-of-service conditions resulting from increases in network bandwidth," opined Gartner analyst John Pescatore. "The major risk of Conficker is the ongoing threat that compromised PCs present to both enterprises and home users."

The current variants of the worm spread by exploiting a patched Microsoft vulnerability as well as via network shares by logging on to computers with weak passwords. The worm can also spread using removable media.

Experts have estimated that millions of computers are infected with Conficker despite the Microsoft patch and a plethora of removal and detection tools. The sheer number of compromised PCs could constitute one of the largest botnets ever. But it still remains to be seen what the minds behind the worm have planned.

"On the consumer side, you need to be attentive to your security software and OS vendor updates and ensure that you are on top of them," advised Alfred Huger, vice president of development at Symantec Security Response. "For the enterprise, those same things are true, but additionally enterprises should consider whether their security software is able to control outside media being introduced into their environment without their express consent."