April 1 has turned into a certifiable day of lunacy for Internet pranksters, with even major companies like Google and Whole Foods Market getting in on the act with fake product announcements and features designed to make people grin. This year was promising to be a little different—at least according to mainstream media outlets—because the dreaded Conficker worm was scheduled to “phone home” and receive new instructions on how to wreak havoc on the Internet and Web sites all around the world. But now it’s April 2, and the Conficker threat has largely failed to materialize.
Conficker has been through two major iterations, A and B, both of which used encryption to hide their target lists in an effort to disguise what sites the worms would target. Both encrypted payloads were broken, and security researchers began preparing for a new “C” variant due to launch when Conficker-infected systems called back to their control servers for new instructions. But while Conficker is still definitely roaming the Internet, so far there doesn’t seem to have been a marked increase in Conficker traffic, nor has a major new variant on the worm appeared in the wild.
If Conficker has indeed fizzled—and isn’t just lying in wait to strike again on a less-auspicious date—much of the credit would go to DoxPara’s Dan Kaminsky along with Felix Leder and Tillmann Werner, who helped develop technology that can detect Conficker-infected systems based on how they respond to particular probes.
Leder and Werner have published a detailed report aimed at security experts and administrators on containing the Conficker worm (PDF), and if you’re curious to know whether you’ve been infected by the Conficker worm, Joe Stewart at the Conficker Working Group has put together a simple Web page that ought to tell you: if you’re missing images in the top part of the page, Conficker may be blocking your access to security sites.