Author Topic: Worm on April 1st  (Read 6184 times)


Offline drhayden1

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3233
  • Avast & Garfield-Best Protection
Worm on April 1st
« on: March 25, 2009, 07:53:59 PM »
In an event that hits the computer world only once every few years, security experts are racing against time to mitigate the impact of a bit of malware which is set to wreak havoc on a hard-coded date. As is often the case, that date is April 1.

Malware creators love to target April Fool's Day with their wares, and the latest worm, called Conficker C, could be one of the most damaging attacks we've seen in years.

Conficker first bubbled up in late 2008 and began making headlines in January as known infections topped 9 million computers. Now in its third variant, Conficker C, the worm has grown incredibly complicated, powerful, and virulent... though no one is quite sure exactly what it will do when D-Day arrives.

Thanks in part to a quarter-million-dollar bounty on the head of the writer of the worm, offered by Microsoft, security researchers are aggressively digging into the worm's code as they attempt to engineer a cure or find the writer before the deadline. What's known so far is that on April 1, all infected computers will come under the control of a master machine located somewhere across the web, at which point anything's possible. Will the zombie machines become denial of service attack pawns, steal personal information, wipe hard drives, or simply manifest more traditional malware pop-ups and extortion-like come-ons designed to sell you phony security software? No one knows.

Conficker is clever in the way it hides its tracks because it uses an enormous number of URLs to communicate with HQ. The first version of Conficker used just 250 addresses each day -- which security researchers and ICANN simply bought and/or disabled -- but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand.

At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.
« Last Edit: March 25, 2009, 07:55:48 PM by drhayden1 »
Gateway Laptop-AMD Phenom™ II Quad-Core Processor N830 (2.1GHz)-5000MB Dual-Channel DDR3 1066MHz Memory-ATI Radeon® HD 5650 Graphics with up to 1024MB of dedicated memory-500GB 5400RPM SATA hard drive-Windows® 8 Pro (64bit)-Windows Live Mail-Kaspersky Pure 3.0-WinPatrol Plus....
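The first post's point that 50,000 rendezvous addresses a day cannot be blocked by hand is why defenders look for the lookup behaviour instead of the names. This is an added example, not part of the original thread. It assumes that most machine-generated names are unregistered, so lookups for them fail; the log format, sample lines and thresholds are constructed for illustration.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed resolver log, one 'date client qname rcode' per line (not real data)."""
    lines = [
        "2009-04-01 10.0.0.5 www.example.com NOERROR",
        "2009-04-01 10.0.0.5 wpad.example.com NXDOMAIN",  # failed host under a live domain
        "2009-04-01 10.0.0.5 www.example.org NOERROR",
        "2009-04-01 10.0.0.5 typo.example NXDOMAIN",
        "2009-04-01 10.0.0.9 www.example.com NOERROR",
        "malformed line",
    ]
    # Stand-ins for machine-generated names; .invalid is a reserved TLD.
    lines += [f"2009-04-01 10.0.0.9 n{i:04d}.invalid NXDOMAIN" for i in range(40)]
    return "\n".join(lines)

def registered_domain(qname):
    # Simplification: last two labels. Production code would use the Public Suffix List.
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def flag_dga_like(log_text, min_failed=20, min_fail_ratio=0.8):
    """Return (day, client, never_resolved_count, ratio) for clients that look DGA-like."""
    ok = defaultdict(set)      # (day, client) -> domains that resolved at least once
    failed = defaultdict(set)  # (day, client) -> domains with an NXDOMAIN answer
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing mid-log
        day, client, qname, rcode = parts
        dom = registered_domain(qname)
        if rcode == "NXDOMAIN":
            failed[(day, client)].add(dom)
        elif rcode == "NOERROR":
            ok[(day, client)].add(dom)
    hits = []
    for key, bad in failed.items():
        never_resolved = bad - ok[key]  # ignore domains that also resolved
        total = len(never_resolved | ok[key])
        ratio = len(never_resolved) / total
        if len(never_resolved) >= min_failed and ratio >= min_fail_ratio:
            hits.append((key[0], key[1], len(never_resolved), round(ratio, 2)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in flag_dga_like(build_sample_log()):
        print(hit)
```

A flagged client is a lead for the patch-and-scan steps discussed later in the thread, not proof of infection: misconfigured software can also produce bursts of failed lookups.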

Offline Jtaylor83

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1066
Re: Worm on April 1st
« Reply #1 on: March 25, 2009, 09:17:53 PM »
At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.

The other two options: Back up your personal documents before April Fools or buy an alternative OS such as a Mac or Linux.
Avast 6.0, MalwareByte's Anti-Malware, CCleaner, Defraggler, DownloadHelper, WOT, NoScript, KeyScrambler, Thunderbird, Firefox, Windows XP SP3.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 43694
  • 60 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Worm on April 1st
« Reply #2 on: March 25, 2009, 11:41:41 PM »
You could also not turn on your computer on April Fools Day.... ;D
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1909 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.3.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline jthomson3rd

  • Full Member
  • ***
  • Posts: 109
Re: Worm on April 1st
« Reply #3 on: March 25, 2009, 11:45:08 PM »
I just read this.. every news site has the story. Sounds crappy. Hope I'm not infected, I have many spyware searchers and Avast.. so I think I'll be safe

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83296
  • No support PMs thanks
Re: Worm on April 1st
« Reply #4 on: March 26, 2009, 12:24:45 AM »
There is I believe another topic relating to this and by all accounts there was a patch released about it. However, I never warn about things that 'might' happen as that causes more paranoia than the actual problem.

April the 1st is just another day and I will continue as normal with my current security set-up as it has stood the test of time of numerous so called bad-assed viruses/viruses set to wreak havoc. Practice safe hex and ensure you have a back-up and recovery strategy if all else fails.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.5.2415 (build 20.5.5410.561) UI-1.0.532/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline drhayden1

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3233
  • Avast & Garfield-Best Protection
Re: Worm on April 1st
« Reply #5 on: March 26, 2009, 11:02:02 PM »
Just as DavidR said above, just practice safe methods
but just in case
http://www.bdtools.net/
a tool that will remove it

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83296
  • No support PMs thanks
Re: Worm on April 1st
« Reply #6 on: March 26, 2009, 11:18:12 PM »
Well that and ensuring your OS is fully up to date and patched.

Quote
WHAT TO DO BEFORE APRIL 1ST:
The best defense is to apply Microsoft Security Bulletin MS08-067 to eliminate the vulnerability. Administrators should ensure every system on their network, internal and external, physical and virtual, has the MS08-067 patch applied. Before trying to clean or detect any systems that may be infected with the Conficker virus, administrators must first apply the patch. Attempting to clean systems without first protecting them will only present a never-ending process of virus removal. By applying MS08-067, administrators will then be able to start the task of scanning for infected devices and restoring them back to their desired state.

WHAT TO DO AFTER APRIL 1ST:
If you have not installed the MS08-067 patch on all systems before April 1st, and systems are infected, researchers claim that you will not be able to apply the patch to the infected systems. You will have to manually remove the virus and then apply the patch. This can leave your system open for re-attack in the timeframe between removing the virus and applying the patch.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Worm on April 1st
« Reply #7 on: March 26, 2009, 11:26:08 PM »
The Bambleweeny 57 sub-meson brain is not vulnerable to this.

 8)
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Jtaylor83

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1066
Re: Worm on April 1st
« Reply #8 on: March 27, 2009, 03:29:20 AM »
Even with the MS08-067 patch, the "C" variant can still spread.

I also figured out where this worm originated. China.



« Last Edit: March 27, 2009, 04:47:30 AM by Jtaylor83 »

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: Worm on April 1st
« Reply #9 on: March 27, 2009, 04:17:01 AM »
Are you referring to the fact that the patch does not remove the problem from those already infected?