Troops and militiamen clash in Baghdad

The Lakeland Ledger Friday 27th March, 09:22:11 PM

El Paso Times Thursday 26th March, 11:07:13 PM

Dallas Morning News Friday 27th March, 09:59:05 AM

A tenacious computer worm which has wriggled its way onto machines worldwide is set to evolve on April Fool's Day, becoming harder to exterminate but not expected to wreak havoc.

A task force assembled by Microsoft has been working to stamp out the worm, referred to as Conficker or DownAdUP, and the US software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

The worm is programmed to modify itself on Wednesday to become harder to stop, according to Trend Micro threat researcher Paul Ferguson, who is part of the Conficker task force.

"There is no evidence of it going into attack mode or dropping any particular payload on April 1st," Ferguson said in an interview.

"What people controlling the botnet are doing is building in survivability because of efforts by the good guys to lessen the harm of this thing."

The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows RPC Server Service.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another. Once in a computer it digs deep, setting up defenses that make it hard to extract.

Malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into "botnet" armies.

A troubling aspect of Conficker is that it harnesses computing power of a botnet to crack passwords.

Microsoft has modified its free Malicious Software Removal Tool to detect and get rid of Conficker.

"As this threat continues to evolve, Microsoft and other collaborative companies will continue to identify new ways to disrupt the Conficker threat to give customers more time to update their systems," said Christopher Budd, security response communication lead for Microsoft.

Computer users are advised to stay current on anti-virus tools and Windows updates, and to protect computers and files with strong passwords.

Conficker is programmed to reach out to 250 websites daily to download commands from its masters.

On Wednesday, the worm will begin connecting with 50,000 websites daily to better hide where orders originate, according to Mikko Hypponen of F-Secure computer security firm.

"They basically upped the ante; trying to make our lives more difficult," Ferguson said. "They realized the good guys were starting to intercept their communications."

The infection rate has slowed from a fierce pace earlier this year, but computers that are not updated with a software patch released by Microsoft remain vulnerable, according to security specialists.

Hypponen wrote in a message at F-Secure's website that Conficker is in one to two million computers and that most of those machines are believed to have an early version of the malicious software lacking the April 1 trigger.

"It seems that every other day you see some story about the Internet being hobbled together with bubble gum and paper clips," Ferguson said. "Conficker could be the biggest non-story of the year; at least that's what I hope it is."





Please enable your browser's cookies to activate the My Tech column.


Question and Answer content at Yahoo! Tech is written by Yahoo! users atYahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the .

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.