Last-minute Conficker survival guide
Tomorrow — April 1 — is D-Day for Conficker, as whatever nasty payload it’s packing is currently set to activate. What happens come midnight is a mystery: Will it turn the millions of infected computers into spam-sending zombie robots? Or will it start capturing everything you type — passwords, credit card numbers, etc. — and send that information back to its masters?
No one knows, but we’ll probably find out soon.
Or not. As Slate notes, Conficker is scheduled to go "live" on April 1, but whoever’s controlling it could choose not to wreak havoc but instead do absolutely nothing, waiting for a time when there’s less heat. They can do this because the way Conficker is designed is extremely clever: Rather than containing a list of specific, static instructions, Conficker reaches out to the web to receive updated marching orders via a huge list of websites it creates. Conficker.C — the latest bad boy — will start checking 50,000 different semi-randomly-generated sites a day looking for instructions, so there’s no way to shut down all of them. If just one of those sites goes live with legitimate instructions, Conficker keeps on trucking.
