The media is telling us that the Conficker computer virus cum doomsday machine is going to hit tomorrow. I am a professional computer virus analyst in real life, so here's the lowdown.
Conficker is a real virus. It comes in four (or five) main variations, but is frequently repacked so that the files themselves may look quite different from each other.
So why is this so dangerous?
It isn't - at least not initially. The damage done by the current variations is limited to disabling antivirus software, blocking access to security web sites, and, notably, polling websites to see if there are some updates to download and run.
The B variant is an effective spreader and has an update functionality that, from Jan 1st 2009, generates 250 host names each day and polls these for updates. A few times we saw that it managed to download something - it turned out to be new variants of the worm, C and D.
The C and D variants of the worm were rewrites. The spreading functionality is torn out, leaving what really is a downloader trojan with anti-antivirus functionality. The download functionality of Conficker C and D is expanded to generate 50000 host names, of which it selects a random subset to poll for updates. In addition, it can use a custom-built peer-to-peer filesharing function in order to distribute files.
This part of the malware (malicious software) is enabled from 00:00 GMT Apr. 1st. However, there is nothing that indicates that there actually will be any update on April 1st. It could happen on April 2nd, or the 5th, or both, or May 1st. We just don't know.
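The update mechanism described above (generate a large batch of host names each day, poll a random subset, and hope one of them has been registered by the controller) leaves a characteristic trace on the resolver: one client asking for many distinct domains it has never asked for before, most of which do not exist. The script below is an added example for network defenders, not code from the post or from any Conficker analysis; it parses a simplified resolver query log (the format, client addresses, host names and thresholds are all constructed for this illustration) and flags client/day pairs that both touch many distinct domains and mostly receive NXDOMAIN.

```python
"""Surface hosts whose daily DNS activity looks like update polling over
generated host names: many distinct domains, most of them unregistered
(NXDOMAIN). Added example, not from the post; the log format, sample
names, client addresses and thresholds are all constructed."""
import hashlib
import re
from collections import defaultdict

# Simplified resolver query-log format (constructed for this example):
#   <ISO-8601 timestamp> <client IP> <queried name> <response code>
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(NOERROR|NXDOMAIN|SERVFAIL)$")


def build_sample_log():
    """Constructed fixture: one ordinary client, and one that walks through
    30 never-seen domains in a day, 27 of which do not resolve."""
    lines = [
        "2009-04-01T08:00:03 10.0.0.5 www.example.com NOERROR",
        "2009-04-01T08:01:10 10.0.0.5 mail.example.com NOERROR",
        "2009-04-01T09:15:42 10.0.0.5 www.example.com NOERROR",
        "2009-04-01T11:02:00 10.0.0.5 intranet.example.net NOERROR",
    ]
    for i in range(30):
        # Pseudo-random-looking labels under the reserved .test TLD
        label = hashlib.sha1(f"constructed-{i}".encode()).hexdigest()[:7]
        rcode = "NOERROR" if i % 10 == 0 else "NXDOMAIN"  # 3 resolve, 27 do not
        lines.append(f"2009-04-01T00:{i:02d}:00 10.0.0.7 poll-{i:02d}-{label}.test {rcode}")
    return "\n".join(lines) + "\n"


def parse_log(text):
    """Parse log text into (timestamp, client, name, rcode) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        ts, client, name, rcode = m.groups()
        records.append((ts, client, name.lower().rstrip("."), rcode))
    return records


def registered_domain(name):
    """Collapse a host name to its last two labels. Naive on purpose: a real
    deployment would consult a public-suffix list so that a.b.co.uk and
    c.d.co.uk are not counted as one domain."""
    labels = name.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def daily_client_stats(records):
    """Aggregate per (client, calendar day): query count, NXDOMAIN count and
    the set of distinct registered domains queried."""
    stats = defaultdict(lambda: {"queries": 0, "nxdomain": 0, "domains": set()})
    for ts, client, name, rcode in records:
        day = ts[:10]  # YYYY-MM-DD prefix of the ISO timestamp
        s = stats[(client, day)]
        s["queries"] += 1
        s["domains"].add(registered_domain(name))
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
    return stats


def flag_suspects(stats, min_unique=20, min_nx_ratio=0.6):
    """Return {(client, day): summary} for entries that both touch many
    distinct domains and mostly get NXDOMAIN, the signature of polling
    generated names of which only a few have been registered."""
    suspects = {}
    for key, s in stats.items():
        unique = len(s["domains"])
        nx_ratio = s["nxdomain"] / s["queries"] if s["queries"] else 0.0
        if unique >= min_unique and nx_ratio >= min_nx_ratio:
            suspects[key] = {"unique_domains": unique,
                             "nxdomain_ratio": round(nx_ratio, 2)}
    return suspects


def analyse(text):
    """Full pipeline: log text in, flagged (client, day) pairs out."""
    return flag_suspects(daily_client_stats(parse_log(text)))


if __name__ == "__main__":
    for (client, day), summary in sorted(analyse(build_sample_log()).items()):
        print(f"{day} {client}: {summary}")
```

The two thresholds are deliberately combined: a mail gateway or a web proxy legitimately resolves hundreds of distinct domains a day, but almost all of them exist, while a user mistyping a few names produces NXDOMAINs without the breadth. Tune `min_unique` against a baseline of your own resolver logs before acting on the output, and treat a hit as a reason to scan the host with updated AV, as the post recommends, rather than as proof of infection.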
When that download happens, we don't know what it will be. It could be a new version of the malware. It could be spamming software, an adware application, a fake antivirus program, a remote-controlled bot, or something even more sinister, something we haven't thought of. However, history has taught us that it's usually - nothing special. Probably one big yawn.
If your computer is not already infected with Conficker, nothing much will happen to your computer tomorrow.
TO MAKE SURE IT ISN'T, UPDATE YOUR AV PROGRAM AND SCAN YOUR PC. Also make sure you have Microsoft security patches installed.
If you are a network admin, there is a cool tool from the Honeynet Project that will enable you to scan network ranges for Conficker-infected hosts. This is available from here.
Awesome analyses of the worm can be found here and here.