MENLO PARK, Calif. — Members of an informal global alliance of computer security specialists who have been attempting to eradicate a malicious software program known as Conficker said Tuesday that they were seeing early attempts by the program to communicate with a control server. The researchers said they were uncertain if the program had been successful.
The Conficker software, which has spread aggressively around the globe since October and is designed to lash together infected machines into a powerful computer known as a botnet, has touched off widespread concern.
Computer security researchers who have examined a recent version of the program, called Conficker C, have said that it was set to attempt to download commands from a server at an unknown Internet location on April 1. There was no certainty about the intent of the program, which could be used to send e-mail spam, distribute malware or generate a potentially devastating denial-of-service attack on Web sites or networks.
The choice of April Fool’s Day by the program’s authors, who are unknown, has led to speculation that the program might be a hoax. But a wide variety of computer security executives and law enforcement officials have noted that the program, which has spread to at least 12 million computers, could inflict genuine harm. Consensus among security specialists on Tuesday was that it was likely to take several days before the intent of the program could be determined.
A group of computer security specialists has attempted to make it impossible for Conficker’s authors to download instructions to infected computers. During that period the designers of the malware began distributing the C version of their program. It was intended to begin contacting 50,000 Internet domains on April 1. In response, the researchers have created a system that will allow them to trap all of the attempted botnet communications. That has involved a global effort that has included monitoring the domains of 110 countries.
A spokeswoman for the Conficker Cabal, a security working group organized by Microsoft and other computer security companies, said on Tuesday that the group had no new information to report about the activity of the malware program.
“All we are saying is ‘patch and clean, patch and clean,’ ” said Nicole Miller, a Microsoft spokeswoman, in a reference to the process of disinfecting and protecting computers that have been infected by the software, which targets Windows-based computers.
Separately, I.B.M. said that Mark Yason, a company researcher, had decoded Conficker’s internal communication protocol. The company said that will make it easier for security teams to detect and interrupt the program’s activities.
Earlier this year Microsoft offered a $250,000 reward for information leading to the arrest of Conficker’s author or authors.