Security experts eye worm attack

Updated
  • 01/04/2009 02:00
Created
  • 01/04/2009 02:00
Conficker has infected up to 15 million computers to date and is set to change the way it works today. There have been some reports the worm could trigger poisoned machines to access personal files, send spam, clog networks or crash sites.

"We don't know what will happen but don't expect anything dramatic," Symantec's Vincent Weafer told the BBC.

He added: "We believe the software is geared towards making money. The characteristic of this type of worm is to keep it slow and low, keep it under the radar to slowly maximise profits over the long term." Mr Weafer, vice-president of security response at anti-virus firm Symantec, said: "We are going to be on high alert for a long time. Come 2 April we will still be watching while most people will have moved their focus elsewhere."

Conficker, also known as Downadup or Kido, first appeared last November. The worm is self-replicating and has attacked a vulnerability in machines using Microsoft's Windows operating system, the software that runs most computers.

It can infect machines via a net connection or by hiding on USB memory drives used to ferry data from one computer to another. Once in a computer, it digs deep, setting up defences that make it hard to extract.

Among those affected by the virus have been the House of Commons and the defence forces of the UK, Germany and France.

The reason for the hype and the concern around Conficker is that 1 April is the day the worm is set to change the way it updates itself, moving to a system that is much harder to combat.

Five months ago a consortium of web security firms banded together to form the Conficker Working Group, to learn more about the worm and to try to stop it.

Last weekend the team located what they call a "fingerprint" or "signature" for the virus, which means an infected machine can be identified on a network much more quickly than previously.
