IT was ready for a Conficker attack

More

Conficker Worm

• Researchers turn Conficker's own P2P protocol against itself
• Conficker botnet could flood Web with spam
• IT was ready for April 1 Conficker attack
• Conficker, the Internet's No. 1 threat, gets an update
• IT Blogwatch: Conficker botnet wakes up and smells the coffee
• Conficker's makers lose big, expert says
• Conficker activation passes quietly, but threat isn't over
• FAQ: Just the facts on Conficker

More: Malware Knowledge Center

Computerworld - An expected April 1 activation of the Conficker.c worm passed without incident, calming widespread fears that the Internet was in danger of attack.

In the days prior to April 1 -- the date that the worm was supposed to get instructions from its unknown creators -- IT security managers acknowledged that they were concerned but said they were confident that their teams could deal with an attack.

For the most part, companies patched the vulnerability that the worm exploits and updated anti-malware and intrusion-detection software to protect against the threat.

Matt Kesner, chief technology officer at Fenwick & West LLP, said the San Francisco-based law firm took the Conficker.c threat more seriously than most other viruses and worms because security analysts had said it is unusually well-written and is programmed to quickly respond to security countermeasures.

Conficker.c is the third version of a Windows bug, also known as Downadup, that first surfaced in Windows-based PCs last November. In January, a second variant of the worm infected many more PCs. Conficker.c surfaced last month and quickly caused significant concern because of its ability to "armor and harden the existing infections," said Vincent Weafer, vice president of Symantec Corp.'s security response group.

The latest version, which also includes mechanisms for evading detection, was hard-coded to start contacting its command-and control-servers on April 1, presumably to receive instructions on what to do next. Toralv Dirro, a security strategist at McAfee Inc.'s Avert Labs in Germany, noted that the worm did reach out last Wednesday, but "so far, none of the servers they are trying to reach are serving any new malware or any new commands."

No one is sure how many PCs have been infected by the worm's three versions, though estimates range from 1 million to 12 million.

The mystery surrounding the April 1 instructions -- along with a March 29 story on the television news program 60 Minutes about a possible Conficker attack -- attracted the interest of corporate executives.

"The 60 Minutes segment certainly has caused CIOs to ask about Conficker," said John Pescatore, an analyst at Gartner Inc. "It is just like the old Slammer-Blaster days," he added, referring to a mass worm that hit the Internet several years ago.

Jim Kirby, director of information infrastructure at Dataware Services LLC in Sioux Falls, S.D., said that, despite the hype surrounding Conficker, he was not overly concerned that it would cause problems on April 1. "We have a strong system-update policy and feel largely immune from infection. Close the doors properly, and you don't have to worry so much about the malware of the day," he added.