The Conficker worm has been spreading since November 20, 2008. The estimated number of infected computers range from two million to the tens of millions. No one has an exact number. Many people mistakenly think that the Conficker worm was programmed to wreak havoc on the 1st of April, and since it did not, the threat is over. This is not the case. I hope to briefly clarify what is known about Conficker in this entry.
As was reported by the media, Conficker had the date April 1st programmed into it. Contrary to what was conveyed, however, the April 1st date was not necessarily the date the virus would unleash its wrath on the world. This was certainly a possibility; however, the April 1st date was really just the date the worm would begin “calling home” for further instructions, which it did actively begin to do.
On April 1st no further instructions were provided; however, on April 8th the creators of the worm began delivering updates and other malicious payloads to infected computers. Among the malicious payloads being delivered is a fake AntiVirus program which fakes a virus detection and tricks the owner of the computer into purchasing fake antivirus software for $49.95. Another of the malicious payloads being delivered is a keylogger used to capture passwords and other personal data. The keylogger then sends the data to the virus creator.
The purpose of this entry is to make clear that although the April 1st date has past, this does not mean you are now safe, and you no longer need to update your computer and keep your antivirus software up-to-date. The worm is still active and no one knows for sure what it will do next.