The worm was activated on April Fool’s Day, but experts said Wednesday that although nothing noticeable had occurred computer users are not off the hook.

As the worm slithered through millions of infected machines running Microsoft’s Windows operating systems, computers were expected to try and phone home to a master control centre by logging on to thousands of Internet domain names.

Patrik Runald, chief security adviser for F-Secure, estimated more than 50 million computers were infected worldwide, meaning the worm could still be lurking on computers. “That is happening right now,” he said on Wednesday. “Obviously April 1st has already hit Asia so we’ve had over 24 hours of these computers reaching out to these websites and nothing has happened.”

The worm infects computers by taking control of the operating system. Then it spreads like cancer, ravaging security services by attacking vulnerabilities in the Windows system and blocking access to security websites.

Runald, whose company works as part of an industry alliance of security companies and Internet service providers called the Conficker Working Group, anticipated the worm will continue for weeks.

“Just because nothing happened today doesn’t mean the danger is over and we can relax because something could happen at any moment.”

But just what will happen baffles even the most tech-savvy individuals.

No one knows who created it but the president of Canada’s Internet Registration Authority says it’s likely a group of elite hackers whose motivation is old-fashioned greed rather than something like bringing down the Internet.

The hackers could be collecting credit card numbers stored in confidential documents on infected computers, which could generate millions of dollars, said Byron Holland.

“Or It could be a case like Mafiaboy — you remember, that good Canadian kid who created a botnet and then used it to attack major commercial websites like CNN for example and brought them to their knees,” said Holland.

He added there is no doubt in his mind the worm’s authors picked April Fool’s Day intentionally to launch the worm to create a smokescreen by making people think it’s a prank, thereby lulling people into a false sense of security.

“This particular piece of code is extremely sophisticated, clearly written by software engineers,” he said. “This is not an unconscious decision. The fact is it gets people wondering if it’s a joke, creates confusion and people don’t take it seriously.”

Bruce Cowper, chief security adviser for Microsoft Canada, said security officers have disabled a significant number of domains targeted by Conficker to disrupt the use of the worm and prevent potential attacks.

“We are not currently aware of any customer impact from this activity,” he said in a statement. “Currently, we have not identified any actions outside of what we expected, including no new variants of Conficker and no other malware uploaded on the domains.”

Microsoft has offered $250,000 to anyone who can provide information that leads to the arrest and conviction of those responsible for Conficker.

Holland also noted Canada’s Internet Registration Authority was also aggressively working to block the worm by isolating previously unregistered dot-ca domains.

“We can’t wipe it out like polio but what we can do is really mitigate it,” said Holland. “I think the fact that the worm has been relatively benign so far to some degree speaks to the fact we have been effective in this.”

There are several ways to identify an infected computer including, a hard drive that is whirring away on its own and not be able to surf security websites such as Symantec.com or McAfee.com.
Source => http://www.canada.com/technology/Hackers+activate+worm+systems+trashed/1456113/story.html