Downad, Conficker and April 1
A friend asked me about the Conficker/Downad malware on our Yahoo Groups list. I replied that since I am not allowed to do official PRs (press releases) on this issue, I will just post some publicly available articles related to the Conficker/Downad malware (and some of my personal opinions if I have some extra time). So here we go:
First some definitions.
Downad is a piece of malware. Different AV (Antivirus/Internet Security) vendors have their own naming schemes for it: Conficker, Downadup, Kido and Downad. I won’t go into the details of why different AV vendors use different names; it’s really a long story and maybe worth a post or two in the future.
April 1 is of course April Fools’ Day. From experience, we know that some malware authors use special days and events (like Halloween, Christmas, Thanksgiving, Valentine’s Day, etc.) as trigger dates for their wares.
So why is April 1 associated with Downad?
Antivirus researchers know that a widely known Downad/Conficker malware variant has the date “April 1, 2009” inside its code as some sort of trigger date, that is, a date on which it will do something bad.
Why is Conficker/Downad so special?
Maybe because Microsoft offered a big bounty for the malware authors responsible for Downad. Read more here
There is also some ongoing discussion on some high-tech blogs that all of this is hype. My personal opinion: better be prepared than be pwned.
In the tradition of my free six video post, below are six articles/links if you’re interested in digging further:
- New Downad Generate More URLs
- Conficker’s next move a mystery to researchers
- The Conficker Worm: April Fool’s Joke or Unthinkable Disaster?
- What Will Conficker Bring on April 1?
- Houses of Parliament computers infected with Conficker virus
- Trend Micro Virus Description for Downad malware variants
I will post some other related articles here (or as a new post) as we near April 1.