Published on Maximum PC (http://www.maximumpc.com)


This is No Joke: Conficker.C to Strike on April Fools' Day
Created 03/16/2009 - 2:06pm


Posted 03/16/09 at 05:06:59 PM  by Mark Edward Soper


Conficker.C's ready to strike on 4-1-09

Just when you might have thought it was safe to start using USB flash drives at work again, the third and, by all accounts, most fiendish version of the Conficker worm that has already infected millions of PCs is set to attack on April 1st, Ars Technica reports. Conficker.C's designed to hide itself even more thoroughly than its older siblings, Conficker.A and Conficker.B, using tricks such as:

  • Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
  • Creating access control entries and locking the file(s)
  • Registering dummy services using a "one (name) from column A, one from column B, and two from column C" method

To find out what happens when Conficker.C strikes, join us after the jump.

Conficker.C's payload makes it harder than ever to recover from being infected:

  • Deactivates Windows Security Center notifications
  • Prevents restart in Safe Mode
  • Prevents Windows Defender from running at system startup
  • Deletes all system restore points
  • Disables various error-reporting and security services
  • Terminates over twenty security-related processes
  • Blocks DNS queries
  • Blocks access to security and antivirus websites
  • And, to top it all off, Conficker.C can choose from a list of 500 domains to contact out of a pool of 50,000 (way up from Conficker.B's 32 out of 250).
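
As an added example (not from the article or any vendor tool), the read-only PowerShell triage below checks a machine for several of the symptoms listed above. It assumes Windows PowerShell 5.1; the service names, the SafeBoot registry path and the test hostnames are assumptions chosen for illustration, and each finding can also have a benign cause, such as System Restore being switched off.

```powershell
# Added example: read-only triage for symptoms in the list above.
# Service names, registry path and hostnames are assumptions, not from the article.
function Get-ListedSymptom {
    $findings = New-Object System.Collections.Generic.List[string]

    # Security Center, Defender, Windows Update, BITS and Error Reporting:
    # flag services that are unregistered or set to Disabled.
    foreach ($name in 'wscsvc', 'WinDefend', 'wuauserv', 'BITS', 'WerSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            $findings.Add("Service '$name' is not registered")
        } elseif ($svc.StartType -eq 'Disabled') {
            $findings.Add("Service '$name' is disabled")
        }
    }

    # Safe Mode cannot start if its SafeBoot registry keys are gone.
    foreach ($mode in 'Minimal', 'Network') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$mode"
        if (-not (Test-Path -Path $key)) {
            $findings.Add("Safe Mode key missing: $key")
        }
    }

    # An empty list is also normal when System Restore is turned off.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) {
        $findings.Add('No system restore points found')
    }

    # Compare a control lookup with lookups of security vendor sites:
    # only report a vendor failure when general DNS resolution works.
    $control = Resolve-DnsName -Name 'example.com' -ErrorAction SilentlyContinue
    foreach ($site in 'www.microsoft.com', 'www.symantec.com', 'www.pandasecurity.com') {
        $answer = Resolve-DnsName -Name $site -ErrorAction SilentlyContinue
        if ($control -and -not $answer) {
            $findings.Add("'$site' does not resolve although example.com does")
        }
    }
    return $findings
}

$result = @(Get-ListedSymptom)
if ($result.Count -gt 0) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'None of the listed symptoms were observed.' }
```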

See the Win32/Conficker.C writeup at CA's website for complete technical details.

Microsoft, Panda Software, Symantec, and McAfee are just a few of the vendors that have now updated their threat encyclopedias to include Conficker.C (it's sometimes listed as Conficker.B++). Since Conficker.B and the new Conficker.C are designed to block access to antivirus websites, you might want to download removal tools now, just in case. You can get one developed by BitDefender from the Downadup.org website (Downadup is the alternative name for Conficker); however, keep in mind that Ars Technica isn't certain whether it will remove Conficker.C (it will remove older versions).

Naturally, prevention's way better than curing a nasty worm outbreak. To learn more about preventing infections, and for links to additional removal tools, see our previous Conficker articles.

Have you been hit by any Conficker version? Any tips for the rest of us? Hit Comment and pass them along. 

USB flash drives illustration courtesy of BBC.
TAGS: windows, microsoft, Security, update, exploit, vulnerability, worm, MS08-067, Conficker, Downadup
Future © 2009 Future US, Inc. All Rights Reserved.

Source URL: http://www.maximumpc.com/article/news/this_no_joke_confickerc_strike_april_fools_day

Links:
[1] http://www.maximumpc.com/user/marcus_soperus
[2] http://www.maximumpc.com/tags/Conficker
[3] http://arstechnica.com/security/news/2009/03/confickerc-primed-for-april-fools-activation.ars
[4] http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=77976
[5] http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.C
[6] http://www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.aspx?idvirus=204292
[7] http://www.symantec.com/en/th/enterprise/security_response/writeup.jsp?docid=2009-030614-5852-99
[8] http://vil.nai.com/vil/content/v_153710.htm
[9] http://www.downadup.org/
[10] http://news.bbc.co.uk/
[11] http://www.maximumpc.com/article/news/conficker_worms_infected_over_9_million_pcs_is_your_work_or_home_pc_one_them
[12] http://www.maximumpc.com/article/news/conficker_worm_shuts_down_french_and_uk_air_forces
[13] http://www.maximumpc.com/article/news/microsoft_hopes_it_has_a_winning_hand_stop_conficker_worm