Worm To Deliver April Fool's Day Surprise?
This is something that used to really get me going as an information security practitioner. Someone would forward me (and everyone else they knew) an email that had the most dire of warnings - "EMAIL VIRUS WILL WIPE YOUR HARD DRIVE - Do not open !!!"
This email would include everyone on the person's address list -- friends, relatives, coworkers, bowling league, quilting club, (you name it) would be cc'd on the email. It would land in my inbox with almost a perceptible plop amid more important emails from my boss or updates from operations on testing dates and server update times.
The considerate person would add their two cents by adding a comment like, "Joe Smith from my bowling league sent this to me. I wanted to make sure you knew about it and were aware it could happen to you."
My coworkers, also in information security, were usually also cc'd on this email. We all would collectively sigh and one of us would say, "Okay, who is sending the email explanation this time?" We had developed a standard email response to these "Chicken Little" emailing employees. The email would gently and with as much warmth as possible tell them they were wrong to forward an email they didn't confirm as being true. We'd also add a line about use of corporate email and then give them some places to check out the truthfulness of the email claim and how to respond to people that send them emails like that one in the future.
This line of action was great if the email wasn't true. Many of the scariest virus warnings floating around the Internet were just that: untrue. These emails are considered a type of urban legend, and the long list of Internet hoaxes had its origins almost at the beginning of the Internet. Virus hoaxes were no different. To see a history of Internet hoaxes and fake virus warnings, see www.snopes.com. Anyone (think of your well-meaning cousin/relative) who sends emails about Internet virus warnings should check this site before sending a blast email to everyone they know.
Now comes the hard question: What if the email contains something that is true or at least has some truth to it? An email I got last week was one of those types of emails. A friend sent me a warning about a greeting card/postcard email that I may get on April 1. He warned me not to open anything that had a greeting card/postcard type of attachment, even if it was from someone I knew.
What my friend was referring to was the Conficker C worm, which has been making the headlines in computer tech publications since January, as its known infections topped more than 9 million computers around the globe. Microsoft put a $250,000 bonus on the author's head, and security experts are in a race to find the source or author of the worm before it launches. What is Conficker C's launch date? You guessed it, April Fool's Day -- April 1.
Conficker C is seen by security experts as having some pretty nasty abilities. What the worm is expected to do on April 1 is launch a control code to bring all of the infected computers under the control of a master that is somewhere out on the Internet. After that, all bets are off -- what direction it will take is up to the master machine. Those 9 million plus computers could do anything: steal personal information, wipe hard drives clean, launch denial-of-service attacks, or try to sell the owner fake security software.
Security experts and researchers are busy hunting for the worm's origin and author, and are saying it is a clever worm that hides its tracks by using a huge number of URLs to talk to its owner. The first version of the worm used 250 addresses a day, a number easily disabled by researchers and ICANN. But the number Conficker C will use is estimated to be 50,000 addresses a day, a number not easily stopped by disabling individual URLs.
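Why disabling individual addresses stops scaling, as an added example that is not from the original article and is not Conficker's actual algorithm: when each day's names are derived from the date, defenders can compute the same list and match it against DNS logs instead of chasing names one by one. The generator, the `.example` names, the log format and the client addresses are all constructed assumptions.

```python
import hashlib
from collections import defaultdict
from datetime import date

def daily_candidates(day, count):
    """Toy date-seeded generator (NOT Conficker's algorithm): same day, same names."""
    names, i = set(), 0
    while len(names) < count:
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        # Map the first 10 hex digits to the letters a-p to form one label.
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        names.add(label + ".example")  # .example is a reserved TLD
        i += 1
    return names

def flag_clients(log_lines, candidates, threshold=3):
    """Return {client: matched names} for clients that looked up at least
    `threshold` distinct names from the day's candidate list."""
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the scan
        _timestamp, client, qname = parts
        qname = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if qname in candidates:
            hits[client].add(qname)
    return {c: sorted(n) for c, n in hits.items() if len(n) >= threshold}

DAY = date(2009, 4, 1)
CANDIDATES = daily_candidates(DAY, 50_000)  # the 50,000-a-day scale from the text

# Constructed DNS log: "<timestamp> <client> <queried name>".
_sample = sorted(CANDIDATES)[:4]
SAMPLE_LOG = (
    [f"2009-04-01T08:00:0{i} 10.0.0.23 {n}." for i, n in enumerate(_sample)]
    + ["2009-04-01T08:01:00 10.0.0.42 www.example.org",
       f"2009-04-01T08:02:00 10.0.0.42 {_sample[0].upper()}",
       "malformed line"]
)

if __name__ == "__main__":
    print(len(daily_candidates(DAY, 250)), "vs", len(CANDIDATES), "names for", DAY)
    print(flag_clients(SAMPLE_LOG, CANDIDATES))
```

Matching a local log against 50,000 computed names is a cheap set lookup; the hard part at that scale is getting each name disabled individually.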
Some advice to institutions and their customers: In the coming days, use extra vigilance in updating computer software. Get all your patches done now, and make sure all anti-virus software is updated with the latest signatures. If your institution has a security alert capability for your customers, give them a "heads up" on this worm. Microsoft is offering a free online safety scan (http://onecare.live.com/site/en-us/default.htm) that should detect any Conficker versions on a computer.