Not to be a harbinger of doom, but this one sounds bad. There are some 6-15 million computers out there running Windows which are infected with a computer virus, dubbed Conficker C. The recent report by SRI makes for some chilling reading. On April 1 (that is, next Wednesday!) the virus is set to...well...do something. It's not clear what, but with so many millions of computers will do it. The report concludes:
We present an analysis of Conficker Variant C, which emerged on the Internet at roughly 6 p.m. (PST) on 4 March 2009. This variant incorporates significant new functionality, including a new domain generation algorithm and a new peer-to-peer file sharing service. Absent from our discussion has been any reference to the well-known attack propagation vectors (RCP buffer overflow, USB, and NetBios Scans) that have allowed C's predecessors to saturate so much of the Internet. Although not present in C, these attack propagation services are but one peer upload away from any C infected host, and may appear at any time. C is, in fact, a robust and secure distribution utility for distributing malicious content and binaries to millions of computers across the Internet. This utility incorporates a potent arsenal of methods to defend itself from security products, updates, and diagnosis tools. It further demonstrates the rapid development pace at which Conficker's authors are maintaining their current foothold on a large number of Internet-connected hosts. Further, if organized into a coordinated offensive weapon, this multimillion-node botnet poses a serious and dire threat to the Internet.
Yikes! Whoever wrote this thing is not a very nice person...or persons. The C variant apparently managed to upgrade itself over the network, and disables security anti-virus software. If I were you (and I am apparently not because I use only OS X and Unix) I would update my antivirus software every day and scan my machine. And leave it off next Wednesday if possible. Pass the word...
