April Fool's Conficker Threat is Likely Hype
According to Joe Stewart, a security researcher at SecureWorks who knows what's what when it comes to malware, "there will be no April 1st outbreak." Clean PCs won't suddenly melt down from a new Conficker infection. All that will happen, Stewart writes, is that the worm will begin to use a new trick that gives it a better chance of getting around existing defenses that attempt to prevent it from updating. The ability has been around since a new Conficker variant came out earlier this month, but it won't activate until April 1st, Stewart says.
Put another way, if you're not infected on April 1st, nothing will happen to you. If you are infected with Conficker, it will attempt to update itself. That update could theoretically contain instructions to do something drastic, like wiping out a hard drive, but that's pretty unlikely. Conficker's creators stand to gain nothing by such a destructive act, and malware these days is all about gain.
And there's a relatively simple check to see if you're infected with Conficker: Point your browser towards f-secure.com, secureworks.com, microsoft.com or other security sites. If you get a "page cannot be displayed" error for all the sites, there's a good chance they're blocked by Conficker or similar malware on your PC.
If that happens to you, you'd also be blocked from normally downloading free Conficker removal tools. But you can get around the malware blocks by using a Web proxy or alternate download links, according to Stewart. Here are some links:
Microsoft Malicious Software Removal Tool: http://mscom-dlcecn.vo.llnwd.net/download/4/A/A/4AA524C6- 239D-47FF-860B-5B397199CBF8/windows-kb890830-v2.6.exe
F-Secure removal utility ftp://22.214.171.124/anti-virus/tools/beta/f-downadup.zip
McAfee's removal tool http://126.96.36.199/vil/conficker_stinger/Stinger_Coficker.exe
- McAfee just released this Stinger build today, and says it will update it on a daily basis to include new Conficker variants.