Conficker worm plays no tricks on April Fools' Day

AFP…

The Conficker worm’s April 1st trigger date came and went without the bedeviling computer virus causing any mischief but security specialists warn that the threat is far from over.

see conficker ‘password’ codes here:

http://www.sophos.com/blogs/gc/g/2009/01/16/passwords-conficker-worm/

Conficker did just what the "white hats" tracking it expected — it evolved to make itself harder to exterminate and its masters tougher to find.

"There are still millions of personal computers out there that are, unknown to their owners, at risk of being controlled in the future by persons unknown," said Trend Micro threat researcher Paul Ferguson.

"The threat is still there. These guys are smart; they are not going to pull any obvious strings when there are so many eyeballs on the problem."

A task force assembled by Microsoft has been working to stamp out the worm, referred to as Conficker or DownAdUp, and the US software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

"It is pretty sophisticated and state-of-the-art," Ferguson said. "It definitely looks like the puppet masters are located in Eastern Europe."

The worm was programmed to modify itself on Wednesday to become harder to stop and began doing that when infected machines got cues, some from websites with Greenwich Mean Time and others based on local clocks.

The malicious software evolved from East to West, beginning in time zones first to greet April Fools’ Day.

Conficker had been programmed to reach out to 250 websites daily to download commands from its masters, they said, but on Wednesday it began generating daily lists of 50,000 websites and reaching randomly to 500 of those.

The hackers behind the worm have yet to give it any specific orders. An estimated one to two million computers worldwide are infected with Conficker.

The worm, a self-replicating program, takes advantage of networks or computers that haven’t kept up to date with security patches for Windows RPC Server Service.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another.

Malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.