In the run-up to April 1st I saw quite a bit of fairly hysterical coverage of the Conficker worm. Much of it appeared to be written by journalists who didn’t have much of a clue, or by concerned IT workers with limited communication skills. One of the things that most of these articles lacked was clear and reliable directions as to how to find out if you were infected. Sometimes us old folks who have been playing with PCs for decades are quite useful, and today my feed reader popped up Jerry Pournelle with some simple and sound advice. In particular he pointed to this web page, which uses an ingenious test to tell you very quickly whether your computer is infected or not.
The map of infections is fascinating as well. It is probably a very good proxy for a map of where in the world lots of people are online.
Did you see this, 8 days ago?
Conficker worm kills 48 in Pakistan
http://www.sovietskynews.com/cutenews/news/index.php/2009/04/01/conficker-worm-kills-48-in-pakistan.html
48 are confirmed dead in Islamabad, Pakistan, arousing suspicion that the much-feared Conficker.c computer worm has taken its first victims…
Nice. Perhaps would have been better if they had photos of the worm’s burrow and eye-witnesses attesting to its huge number of teeth. “A local holy man, known as Muad’Dib, said…”
Conficker is the little mind killer… ;}P>
The “eyechart” link was available before 1 April. It really just provides a “one link” reference to advice that was already available, that is try to open up an anti virus company url in a browser. If you can’t connect to say symantec.com, you may have a problem. It was known that conflicker was blocking access to anti virus software.
There were reports of conflicker trying to “call home” on 1 April. Since the domain names it wanted to use were known from the disassembled code, a number of ISPs were blocking them. Maybe that mitigated a potential problem.
George
And just a few hours latter, what does CNN report?
http://www.cnn.com/2009/TECH/04/09/conficker.activated/index.html
“(CNET) — The Conficker worm is finally doing something–updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.”
George