Monday, March 30, 2009

Conficker (note: sometimes you'll find this on the web as "conflicker", but apparently the roots of the name are dirtier than that...) is "due" to update itself on April 1 (2009). What is Conficker all about, and what are the implications?

First, it's on millions of PCs. Second, to date it hasn't explicitly done anything deeply "wrong" beyond propagating and protecting itself, by doing things like blocking virus scans and security updates.

The question is: what IS it going to do? What's the purpose? Well, it's a tool for the "owners"; they have access to millions of computers, for doing just about whatever they darn well please, when they please. If they wake up on the wrong side of the bed and decide to toast them via disk wipes, they can have the worm download new instructions to do just that. However, that's not likely, and to see why we have to understand the mindset of the creators.

The creators are, in all likelihood, part of a crime syndicate. Availability of millions of computers is a tool not to be wasted for non-monetary purposes. How exactly they will be used over time will be revealed, one conficker update cycle at a time, starting in two days.

How does such extensive infestation happen in this day and age? Unfortunately it happens mostly because organizations and individuals don't keep their system software current (and, as noted below, because they leave network shares protected by weak passwords), end of story. Anyone on Windows XP SP2 or anything more recent has access both to patches that prevent Conficker and to s/w that will find it and remove it.

The problem is all the computers that run older s/w. MS doesn't support XP SP1 anymore, for example, and has not and will not release a patch to correct the security flaw that enables infestation by Conficker. While we can berate MS for this, I don't think that's appropriate, because if an organization (or individual) doesn't bother to upgrade to SP2...then are they really likely to bother with a security patch to the SP1 system? I'd guess probably not.

So while we can moan and groan about "insecure software", unfortunately this is as much or even more a human and organizational behavior (and economic) issue than it is a technology issue. Or to put it a different way, folks, there are always going to be security issues in s/w. (Well, maybe someday that won't be true, but for the next good while it is and will be!) At the same time, there will always be ways to REACT to the security issues that come to light...which requires not "dumb users" but involved users, caring users, thoughtful users, and perhaps most importantly...users who understand that keeping their computer systems secure through updates is a COST OF OWNERSHIP REQUIREMENT.

Conficker is a fascinating testament to the problem: it's insidious, and it causes, to date, no overt and obvious (to the casual user) harm to the computer. So "all is well", and infected machines work hard to infect other unprotected systems, and so it spreads. It's taking great advantage of our "feel no evil, there is no evil" attitude toward technology. I'd guess that 95% of the people sitting in front of computers infected with Conficker have never heard of the worm (it is a "worm", a self-replicating computer program which, unlike a virus, does not need to attach itself to an already existing computer program). Kind of like getting a disease for which there are no clear symptoms for some time until...whoops, something bad happens.

In the case of Conficker, the "something bad" may still not be anything overt or obvious on the infected systems. For example, they could be harnessed to launch mass denial of service attacks at specific targets, or to send spam, etc. The impact on any particular infected system may be very minor.

I still hear many of you reading this asking "but isn't there a technical solution?". Sure there is! Don't run older MS operating system software that is vulnerable to the RPC buffer overflow attack; keep your system software current and updated with all the latest security patches! And don't expose your computer's ADMIN$ share over NetBIOS with a weak (or no) password, because a patched system can still be infected that way by a machine that simply guesses its way in (this is probably the method through which large groups of commercial computers have been infected).

Other steps: go here and download the latest copy of Microsoft's malware removal tool, then run it by navigating to c:\WINDOWS\system32 and running the program mrt.exe:

http://www.microsoft.com/downloads/thankyou.aspx?familyId=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displayLang=en

(Note: if you are unable to access this page with your browser while other, non-security sites load fine...you are probably infected! Conficker blocks access to most security/virus related sites. It's a crude check, not proof either way: a clean machine behind a restrictive proxy will fail it too, and an infected one may get a fresh set of blocked names with the next update.)

Can system software or some kind of add-on security software be designed to "automatically detect" and report an infestation? Well...yes. The newest versions of the anti-virus software do exactly this; they find and neutralize Conficker, which is why one of Conficker's first actions is to disable the updating and execution of virus detection s/w! Okay, you might ask, how about "built in" safeguards, built in sentries? Well...yes. The anti-virus s/w on your computer (assuming you are current with your updates and not yet infected) does this. "How about something generic that is always there from the get-go that can find and notify or even destroy this and any and all new and different viruses and worms?". Ah yes, the holy grail.

No.

Why not? Because step 1b of every serious virus/worm designer is "counter all the existing defenses". So it becomes a game of "can we develop a non-counter-able defense, which can find and deal with any arbitrary infestation?".

My friends, that is seriously difficult, perhaps bordering on impossible, and perhaps even formally "uncomputable" (for you computer scientist types). It might be feasible in an extremely well structured operating system environment with extremely formal interfaces and controls...which of course Windows definitely is not.

That said, you CAN enable programs to monitor themselves for changes, you CAN enable programs to validate the "correctness" and "appropriateness" of any attaching modules, and Arxan is in this business. But it takes proactive effort by the owners of all those programs to take such actions. Additionally, worms such as Conficker don't operate that way; the worm comes in as a separate body of code, hiding itself, rather than modifying the programs that are watching themselves. Can all such "inappropriate" s/w be seen, found and rooted out as it lands in a computing system? That's tough, because again, a Windows (or Linux etc.) environment is one very complicated environment, with a wide range of dynamic content including many different programs being loaded and run.
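To make the "monitor for changes" idea concrete, here is an added example (written for this post; it is not code from the post, not Arxan's product, and not a replacement for a current anti-virus scanner): a small file-integrity monitor that baselines the executables under a directory and then reports anything added, removed or modified since the baseline was taken. The directory layout, file names and contents in the demo are constructed for illustration. The important caveat is the one the paragraph above makes: this only catches code that lands on disk in a place you are watching, and the baseline itself has to be stored somewhere an infection cannot rewrite (read-only media, or another machine), otherwise the worm just updates the baseline along with everything else.

```python
"""Minimal file-integrity monitor (added example, not Conficker-specific).

Baseline the executables under a directory, store the digests, and later
diff the directory against that baseline to list added / removed / changed
files.  Assumes the stored baseline is kept out of reach of the monitored
system; a worm that can rewrite baseline.json defeats the check trivially.
"""
import hashlib
import json
import os
import tempfile


def hash_file(path, chunk_size=1 << 16):
    """SHA-256 of a file, read in chunks so large binaries don't fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, extensions=(".exe", ".dll", ".sys")):
    """Map each monitored file (path relative to root, '/'-separated so the
    baseline is portable) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(extensions):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                baseline[rel] = hash_file(full)
    return baseline


def compare(baseline, current):
    """Classify differences between a stored baseline and a fresh scan."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def save_baseline(baseline, path):
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Constructed scenario: baseline a fake system32, then simulate a worm
    dropping a new DLL and tampering with an existing service binary."""
    with tempfile.TemporaryDirectory() as root:
        sys32 = os.path.join(root, "system32")
        os.makedirs(sys32)
        with open(os.path.join(sys32, "svchost.exe"), "wb") as f:
            f.write(b"MZ original service host")
        with open(os.path.join(sys32, "mrt.exe"), "wb") as f:
            f.write(b"MZ removal tool")
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("not monitored")  # wrong extension, deliberately ignored

        # In real use the baseline would live somewhere the box cannot write.
        baseline_path = os.path.join(root, "baseline.json")
        save_baseline(build_baseline(root), baseline_path)

        # Simulated infection: a new DLL is dropped and svchost.exe is patched.
        with open(os.path.join(sys32, "evil.dll"), "wb") as f:
            f.write(b"MZ dropped payload")
        with open(os.path.join(sys32, "svchost.exe"), "ab") as f:
            f.write(b" + injected stub")

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Running it prints the dropped `system32/evil.dll` under "added" and the patched `system32/svchost.exe` under "modified"; the readme is never hashed because only the listed extensions are watched. Extending the extension list (or watching the whole tree) trades scan time for coverage, and scheduling the scan is the part that actually requires the proactive effort the paragraph talks about.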

The analogies with biological viruses and human behaviors here are just too strong to ignore. "Can we protect ourselves from viruses?". Well, yes...to a degree. Wash your hands often, particularly after being in public places or having human interactions, take your vitamin C (500 mg 2x/day folks, it's working for me!), get regular aerobic exercise (20+ minutes 3-4x/week), practice safe sex, etc. So...does everyone do this? Hah, not even close. So we are far, far more sick than we need to be.

Our computers are too. Between 9 and 14 million of them by the latest estimates, from Conficker infection alone.

That's sad. So check your computer and keep it current.