Singapore authorities warn of April 1 computer worm

By Chua Hian Hou, ANN/The Star

SINGAPORE: A government information security watchdog here has issued a warning for people to take precautions against a fast-mutating malicious computer program that is poised to strike on Wednesday.

In a bulletin sent out Monday, the Singapore Computer Emergency Response Team (SingCert) warned that the latest variant of the Conficker worm, known as Conficker.C, may “become active on April 1.”

SingCert, a unit of technology sector regulator Infocomm Development Authority, identifies information security threats and coordinates computer security responses to events like hacking attacks.

Conficker targets computers running Microsoft Windows software, automatically jumping from one computer to another over a local network or by hitching a ride on portable storage devices like USB drives. Only computers that have not been updated with new security signatures are vulnerable.

The worm is one of the more sophisticated programs developed to date. Earlier versions of such programs were easily found and removed, but Conficker’s creator regularly comes up with improved versions of the worm to foil efforts to remove it. The creator remains at large despite a US$250,000 bounty put up by Microsoft.

The newest variant, Conficker.C, the fourth generation of the worm since it was first discovered late last year, disables security features like Microsoft Windows’ automatic update.

One of Conficker’s key features is its ability to call up a “master computer” via the Internet for directions. This feature is present in an improved form in its latest variant.

And Wednesday, Conficker.C infected computers will do just that, SingCert warned, although “the exact nature of the activity that will occur … is not known at this time.”

Paul Ducklin, security company Sophos’ Asia-Pacific head of technology, said that while it is possible “nothing will happen (tomorrow), it is also possible that something will happen and you’d wish you did something about it today.”

And even if nothing happens tomorrow, he added, it does not mean that Conficker cannot strike on May 1 and is instructed to, say, erase your computer.

Since its release, Conficker has claimed more than 10 million victims worldwide, including computers used by the British Parliament.

For instructions on how to check if your computer is infected and how to remove the worm, visit SingCert’s website at