April 1, 2009 and Conficker

We’ve gotten a number of questions from customers asking us if we’ve seen any new activity from the Conficker worm now that it’s April 1, 2009.


We and our partners in the Conficker Working Group have been watching closely and we’ve not seen any new malicious activity from Conficker. We haven’t seen any actions outside of what we expected. We have seen systems infected with Worm:Win32/Conficker.D starting to use the new domain generation algorithm. But we haven’t seen any new variants released or any new attacks levied as a result of this.


While there’s been a significant focus on the April 1 date, customers shouldn’t take it to mean that once April 1 has passed that all the risks around Conficker.D lessen or go away. Like I said on Friday, Conficker.D should remain a manageable cause for concern and it doesn’t go away after April 1. Just like it has on April 1, Conficker.D will continue trying to contact domains using this new algorithm on April 2, April 10, and beyond. This means that even though it hasn’t happened today, a new variant or a new attack could be levied in the future. And so, customers should keep focused and keep doing what they’ve been doing: focusing on ensuring your systems are updated with MS08-067, keeping your security software signatures updated, and cleaning any systems you identify that are infected with any version of Conficker.  Remember that we have more information about Conficker for home users, and IT Pros.  And the MMPC blog always has good information related to malware.


And of course, we and our partners in the Conficker Working Group will keep focused on our ongoing efforts to protect customers and provide you with updates about the situation as we have them.




*This posting is provided “AS IS” with no warranties, and confers no rights.*