So where's this scary Conficker worm then?

AP
Thursday 02 April 2009 11:55 BST

Security experts say some Conficker-infected computers - those poisoned with the latest version of the worm - started "phoning home" for instructions more aggressively, trying 50,000 internet addresses instead of 250. However, security companies monitoring the worm remained successful at blocking the communications.

"We didn't see anything that wasn't expected," said Paul Ferguson, a security researcher at antivirus software maker Trend Micro. "I'm glad April 1 happened to be a non-event. People got a little too caught up in the hype on that. (The infected computers) didn't go into attack mode, planes didn't fall out of the sky or anything like that."

The worm can take control of unsuspecting PCs running Microsoft's Windows operating system. Tied together into a "botnet," these PCs can be directed to send spam, carry out identity-theft scams and bring down websites by flooding them with traffic.

That's why the April 1 change in Conficker's programming was a small twist - and not the end of the story. The network of Conficker-infected machines could still spring to life and be used for nefarious deeds.

One scary element is that Conficker's authors have given the infected PCs peer-to-peer abilities, which allow them to update each other and share malicious commands through encrypted channels. That ability means the computers don't have to contact a website at all, and the communications are protected.

And the criminals behind Conficker are likely taking their time.

"The people who are pulling the strings on this are very slow and determined and measured in making modifications to this botnet," Ferguson said. "Basically, they're building a layer of survivability."

Conficker spreads without human involvement, moving from PC to PC by exploiting a security hole in Microsoft's Windows operating system. In October, Microsoft issued a software update, called a "patch," to protect PCs from the vulnerability, but not everyone applied the patch.

In one telltale sign of an infected machine, Conficker blocks Microsoft's site as well as those of most antivirus companies. Computer owners can work around that obstacle by having someone else email them a Conficker removal tool.

Security researchers don't have a firm estimate of the number of Conficker-infected machines. There appear to be at least 3 million infected PCs, and possibly as many as 12 million, but tallies vary because some machines may have been counted multiple times, and the number fluctuates as PCs are scrubbed clean of the infection while other machines are compromised.

This article originally appeared in the New Zealand Herald
