The Conficker.B Worm

March 22nd, 2009

Ordinarily, I don’t report on high-tech topics. As a former technical writer and software engineer, I have indeed been there and done that. Nonetheless, I continue to stay in touch with technology. And, like most readers of this blog, I regularly receive “alerts” from well-meaning friends who are forwarding those alerts from THEIR friends to do—or not to do—something involving some peril on the Internet.

Sand Worm from Dune

You know what I mean: those WARNINGS (in upper-case letters for added urgency) to “delete any message that includes a link to an e-card from a greeting card vendor…” And your friends will swear that “It’s verifiable on…Really.”

However, over the past few days, among my incoming e-mail messages, I’ve noticed a pattern that causes me concern. The steady stream of spam I normally receive anyway has begun to emanate from legitimate companies.

As an example: I received the following “offer” for “Canadian drugs” from xptlgrb@booksinmotion dot com. Of course, the e-mail address, the topic, and the included hot-link (bestcheapcanadiandrugs dot com) would tell most of us right away that this was spam. But as I opened my spam filter to add yet another discount Internet pharmacy to my ever-lengthening list, I couldn’t help wondering why a company called Books In Motion dot com might have an interest in sending me spam e-mail hawking bogus Viagra.

On typing the Books In Motion Web address into my browser, I discovered that it seemed to be a legitimate online company with no apparent interest in offering me the opportunity to improve my sex life at a significant discount. BIM sell audio books on tape and DVD. In fact, some of the titles they have on offer are from The New York Times best-seller list.

I’ve been following the news about the conficker.b worm coiling its way through the Web. Based on analysis of my own incoming e-mail, I’ve begun to speculate if—along with the nefarious things any virus can do to an individual computer—this one might have the power to co-opt a domain name and create its own e-mail addresses on that domain. Or worse—having usurped an email address from a legitimate company, could the worm begin sending out spam with links to other sites that, in turn, could cause even more harm?

If you Google the phrase ‘conficker.b worm,’ you’ll find a lot of reports about what the worm does to an individual machine and how it seems to be creating a “botnet” linking thousands of computers together for the sole purpose of spreading the worm.

Not surprisingly, and true to the mythology of the Web’s alternate universe, conficker.b’s demonic creators are chortling that April First is going to be a very auspicious day in the life of their pet worm.

But the reporters, pundits, and prognosticators are more than a little vague about what may actually happen. Could it be that I’m one of the anointed ones and being treated to a sneak preview? Will I get a bazillion spam e-mails on April 1 from legitimate—if innocent and unwitting—companies whose marketing departments have no idea they are offering me discount drugs from Canada?

I don’t know, but I confess that I am more concerned about this one than any among all the viruses I’ve seen over the past two decades.

So I went to the mountain. I visited Microsoft’s Website to see what their pantheon have to say about conficker.b. Again, they have a lot of information about what it does, but they’re a little light on what the perversion is supposed to achieve. Nevertheless, I downloaded and installed the latest Microsoft patch for my operating system, and I’ll be checking back regularly with the gods on high in the week leading up to April 1.

What should you do? Well, don’t panic. There are tons of information out there that describe the symptoms as well as the remedies. Here are a few of the steps I’ve taken (and I will not post comments that suggest getting a Mac or running some flavor of Linux):

• Visit the Microsoft Web site and download the latest patch for your operating system.

• Be sure your anti-virus software is up-to-date. Conficker.b is most likely to arrive as a hot-link (a clickable Web address) within an email from a company that appears to be legit. (The big three—Norton, McAfee, and Kaspersky—are all updated several times each day.)

• Just for fun, back up your My Documents directory to an external hard drive, a thumb drive, a CD, or a DVD. That’s good practice anyway, and I’m as guilty as anyone else for letting it slide.

• Speaking of external devices, go to this link at Microsoft and follow their instructions for disabling Auto Run. Apparently, conficker.b likes to hide out on thumb drives and external hard drives.

As a final precaution, I probably won’t start my computer on April 1, at least not until I’ve heard the morning stories on the BBC. Of course, your mother has already given you the best advice for dealing with computer security issues: Don’t accept cookies from strangers.
