There is a lot of media attention being paid to the Conficker C worm due to update itself tomorrow. Researchers have not been able to identify what exactly that update will do. It may simply upgrade the worm to make it harder to detect or instruct it to carry out certain actions. This lack of understanding is leading to a certain level of confusion and indeed some security companies hyping up the issue to no doubt help their bottom line.
F-Secure have a very good Questions and Answers post on their Blog that cuts through some of the hype. Remember April 1st only impacts on machines already infected with the Conficker C variant. If your machine is not infected nothing will happen to it.
To prevent infection by Conficker C you can follow the steps outlined in our earlier post. Should you feel that you do not have enough time to put those measures in place, researchers from the Univeristy of Bonn have issued a paper on how to contain Conficker C on your network.
To detect if you have any infected machines on your network Nessus has a plugin, 36036, available and Nmap 4.85 Beta can also detect infected computers. The US Department of Homleand Security has also released a detection tool . Should you detect any machines infected with Conficker C, the Internet Storm Center has a list of removal tools.
Conficker C is due to activate its update at midnight GMT tonight. So by this time tomorrow we should now exactly what all the fuss is about.