Details are emerging of how the Conficker.c worm could act on April 1st. It has been known for some time that the worm, which is believed to have infected up to 10 million computers, has a major change of operating mode due to take place on April 1st. Until now, nobody has been able to determine exactly what could happen.
Our contact in the hacking world, a virus writer and hacker known to us only as CodeSpanka, has helped us put the pieces of the puzzle together. CodeSpanka believes that the key to the changes will be an automated update of the worm which it will instigate itself. The new version, called Conficker.d by the security community, will be downloaded to all infected computers as they link to the internet. Based on the number of infections, it is predicted that this download could account for a high proportion of all internet traffic on 1st April.
It is CodeSpanka's belief that the update will have been written recently, and that current events will be taken into account. He says that the writers are anarchists and anti-globalisation protesters, so the primary targets will be international commerce and politics.
CodeSpanka thinks the new version will first attempt to infect as many other computers as possible on a 'big-bang' basis. This will be what is known as a 'zero day' attack, planned to infect computers on 1st April, before the anti-virus companies can react. Because of this, anti-virus software and firewalls will not protect computers from the new infections.
Following this, he believes the main aim of the worm will be to disrupt and overshadow the G20 Summit, due to take place on April 2nd in London. He thinks the worm will attempt to shut down several high profile establishments such as the London Stock Exchange and the Bank of England as well as interfering with the Summit itself. In parallel with this he expects the worm to mount massive Distributed Denial of Service attacks on the world's main financial and government institutions, resulting in the kind of disruption only previously seen in disaster movies.
The British Government poured cold water on CodeSpanka's claims earlier today, suggesting that it was 'publicity-seeking scaremongering'. They said that previous concerns over computer issues such as the Millennium Bug proved to be unfounded, and that they had adequate security measures in place.
This was called into question later when CodeSpanka posted his response, "yeah-rite", on the front page of the House of Commons Website.