Businesses should not panic about the Conficker worm, but there should be a modicum of concern, says Conficker researcher Dan Kaminsky.
The worm, believed to be lying dormant on millions of computers, is expected to contact command and control centres today, prompting fears of cyber attacks.
Security experts have downplayed the scale of the threat by pointing out that relatively few variants of Conficker are programmed to check in to control centres on 1 April.
Organisations have been advised to apply the relevant Microsoft security patch issued in October, but many IT departments have struggled to identify infected machines.
Conficker is designed to mask its presence, but in an important breakthrough announced this week, Kaminsky and two other researchers found a way of tracking it down.
"Conficker actually changes what Windows looks like on the network, and this change can be detected remotely, anonymously and quickly," said Kaminsky.
Several security software suppliers have used the discovery to develop enterprise scanners, making it much easier for businesses to measure their exposure to Conficker.
"We have really moved this into the due diligence territory of one engineer kicking off a scan before lunch and getting answers by the time he gets back," said Kaminsky.
The researchers still do not know what Conficker is going to do if it is allowed to contact its command and control centres, but Kaminsky said its authors are clearly malicious and this scanner makes it cheap enough to find their code.
Until now, IT departments have had no way of telling which computers in their networks had been patched with the genuine Microsoft patch, and so risked overlooking infected computers that Conficker made appear to be patched.