MADISON, Wis. (4/2/09)--The Conficker worm wasn't exactly an April Fool's Day joke. It didn't live up to its hype, according to media reporting the progress of the computer worm. That didn't surprise Kevin Prince, chief architect of Perimeter eSecurity, a CUNA Strategic Services provider. In his network security blog (see the resource link), Prince said he didn't expect anything significant to happen Wednesday. "Conficker is a fairly new worm that infects unpatched Microsoft systems turning them into 'zombies'--a computer under the command and control of someone else. Understand that when a system is compromised, the remote attacker now has higher level privileges on the system than the user does. When many zombies are 'harvested' (exploited by the malicious software worm), the cyber criminals organize them into what is known as a botnet," Prince said. A botnet is simply many compromised systems under the control of an individual or group. Botnets can range in size, but an average botnet compromises 250,000 computers, Prince said. "Conficker has been estimated as high as 10 million or more, but with a concerted effort over the last few months to tame Conficker, the estimates are between one and three million." However, any worm with several million computers under its command can "do some pretty significant damage," he said. That could include taking areas of the Internet offline in a distributed denial of service attack. But most of the time, botnets are used to send out large quantities of SPAM. Researchers and security professionals play cat and mouse to find new ways of identifying and removing malicious software such as Conficker, while the cyber criminals develop new ways of counteracting these tactics. "As a result, you get different variations of the worm. Just like a flu bug that changes from year to year, Conflicker is modified from time to time." A fourth variation on Conficker (the "C" variant) was set to be unleashed Wednesday. "We knew this because researchers had broken into the worm's code and detected that beginning April 1, the software would begin using several new enhancements," Prince said. The enhancements are what credit unions should be concerned about. They include new methods for communicating back to a master command and control system, which is much more difficult to stop than previous versions, Prince said. They also include new ways to spread from one system to another. This only affects systems that are already infected with the malware. With these enhancements in place, it would enable the cyber criminals in control of Conficker to perform some attack or use these systems more effectively while spreading/harvesting additional systems. " April 1st was simply the day the software gets enhanced. It has nothing to do with when the systems would be used for attacks. We simply can't know when they will use this botnet for their nefarious purposes. April 1st simply marks the day when they COULD do something," Prince said. "The good news is that all this media attention has put a spotlight on the issue and made a lot of people aware of this malware," he said, adding that patches, scanners and other tools are available to protect systems by detecting and removing the worm from infected systems. "There are now even scanning tools available for IT administrators to scan entire networks and detect infected systems so it no longer has to be done system by system," he said. "As a result, I believe the number of infected systems is going to be reduced significantly. Keep in mind that the majority of compromised systems are believed to be in Asia and India where pirated Microsoft operating systems are heavily used." "The bad news is that this variant of the worm has some very creative communication methods and other enhancements that post significant challenges to researches to stop this and future worms like it." Although nothing significant happened on April Fools Day with Conficker, the attention paid to it makes the world "a little bit safer," Prince said. Many will probably think of this as a cyber fire drill that worked fairly well. In another development Wednesday, authorities arrested three teenage ex-software developers they believe are the Conifer worm hackers (yourfindit.com April 1).