Conficker a Year Later--Help Stamp It Out

It’s been a year since the Conficker worm first started turning up on Windows PCs and the Conficker Working Group estimates that there are still millions of computers infected with it. These systems are still a potential threat to their owners and to the health of the Internet as a whole, but there’s a really easy way to find out if a computer is infected: the Conficker Eye Chart.

On a clean system, all of the images on this page will show up. If it’s infected, some will be missing. The site includes simple instructions on how to interpret the results and how to remediate an infected system. Run it on your PC. Better yet, run it on your mother’s PC and your kids’ PCs.

Conficker still remains something of a mystery. Experts have no real idea of who is behind it or what it was intended to do, says Tom Cross, manager of X-Force Research at IBM Internet Security Systems who has worked closely with the Conficker Working Group. Despite the fears of security experts, the bots infected with the worm were never used to mount any sort of serious attack. What remains unknown is whether the infection was some sort of elaborate rehearsal for a future attack or if the vigilance of the computer security community prevented something worse from happening.

Conficker bots fall into two groups, says Cross. There are about 5 to 6 million systems infected with Conficker A or B, but efforts by the Conficker Working Group have prevented these bots from being updated by their command and control systems. Another 500,000 or so that are infected with Conficker C remain more of a threat because security experts have been unable to cut off their communications with their masters, but the number is slowly shrinking, Cross says.

One positive development from the Conficker attack was the unprecedented cooperation across the computer industry that produced the Conficker Working Group. Cross says he hopes that the experience and the structures that have been put in place leave the industry in much better shape to deal with the next major infection.

    Before it's here, it's on the Bloomberg Terminal. LEARN MORE