Thursday, April 9, 2009
Conficker C finally kicked in to life yesterday - April 8, 2009.
Conficker C was programmed to start its search for an update beginning April 1, 2009.
It had been searching for this update for the past 7 days and finally found the instructions yesterday. No one knows the details of these instructions because of its heavy encryption.
Experts only know at this point of time that, after installation, the instructions tell the computer to check one of five random websites -- MySpace, eBay, AOL, CNN, and MSN -- in order to verify the computer has internet access and then confirms the date and time.
Also it includes instructions for Conficker C to delete itself and stop running on May 3, 2009.
The downloaded instruction then deletes itself, leaving no traces.
Experts also believe that the downloaded instruction installs an undetectable root kit for further downloads, finally leaving the system vulnerable to attack. Know more about Conficker C from my earlier post.