Author Topic: Worm on April 1st  (Read 6858 times)


drhayden1

  • Guest
Worm on April 1st
« on: March 25, 2009, 07:53:59 PM »
In an event that hits the computer world only once every few years, security experts are racing against time to mitigate the impact of a bit of malware which is set to wreak havoc on a hard-coded date. As is often the case, that date is April 1.

Malware creators love to target April Fool's Day with their wares, and the latest worm, called Conficker C, could be one of the most damaging attacks we've seen in years.

Conficker first bubbled up in late 2008 and began making headlines in January as known infections topped 9 million computers. Now in its third variant, Conficker C, the worm has grown incredibly complicated, powerful, and virulent... though no one is quite sure exactly what it will do when D-Day arrives.

Thanks in part to a quarter-million-dollar bounty on the head of the writer of the worm, offered by Microsoft, security researchers are aggressively digging into the worm's code as they attempt to engineer a cure or find the writer before the deadline. What's known so far is that on April 1, all infected computers will come under the control of a master machine located somewhere across the web, at which point anything's possible. Will the zombie machines become denial of service attack pawns, steal personal information, wipe hard drives, or simply manifest more traditional malware pop-ups and extortion-like come-ons designed to sell you phony security software? No one knows.

Conficker is clever in the way it hides its tracks because it uses an enormous number of URLs to communicate with HQ. The first version of Conficker used just 250 addresses each day -- which security researchers and ICANN simply bought and/or disabled -- but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand.

At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.
« Last Edit: March 25, 2009, 07:55:48 PM by drhayden1 »
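
The post above describes the worm reaching its controller through a large daily list of addresses, too many to register or block by hand. From the defender's side, one common way to find an infected machine is to look for a client whose DNS lookups are mostly failures across many different, random-looking names. This is an added example, not part of the original post: the log format, thresholds and function names are assumptions, and the sample log is constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

def label_entropy(name):
    """Shannon entropy (bits per character) of the leftmost DNS label."""
    label = name.split(".")[0]
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def flag_rendezvous_clients(records, min_failed=20, min_ratio=0.8, min_entropy=2.5):
    """records: one day of (client_ip, qname, rcode) tuples from a resolver log.

    Flags clients that look like they are walking a generated domain list:
    many distinct names, almost all answered NXDOMAIN, with random-looking labels.
    Thresholds are illustrative assumptions, not tuned values.
    """
    seen = defaultdict(set)    # client -> distinct names queried
    failed = defaultdict(set)  # client -> distinct names answered NXDOMAIN
    for client, qname, rcode in records:
        qname = qname.lower().rstrip(".")
        seen[client].add(qname)
        if rcode == "NXDOMAIN":
            failed[client].add(qname)
    flagged = {}
    for client, names in failed.items():
        ratio = len(names) / len(seen[client])
        entropy = sum(label_entropy(n) for n in names) / len(names)
        if len(names) >= min_failed and ratio >= min_ratio and entropy >= min_entropy:
            flagged[client] = {"failed": len(names), "ratio": round(ratio, 2)}
    return flagged

def constructed_log():
    """Constructed sample data, not real traffic; names use reserved TLDs."""
    log = [("10.0.0.5", "www.example.com", "NOERROR"),
           ("10.0.0.5", "mail.example.org", "NOERROR"),
           ("10.0.0.5", "intranet-typo.test", "NXDOMAIN")]
    for _ in range(40):  # a retry loop on one dead name: 1 distinct failure
        log.append(("10.0.0.7", "old-printer.test", "NXDOMAIN"))
    for i in range(40):  # one client trying 40 different random-looking names
        label = hashlib.sha256(f"constructed-{i}".encode()).hexdigest()[:10]
        log.append(("10.0.0.9", f"{label}.test", "NXDOMAIN"))
    log.append(("10.0.0.9", "www.example.com", "NOERROR"))
    return log

if __name__ == "__main__":
    for client, stats in flag_rendezvous_clients(constructed_log()).items():
        print(client, stats)
```

Counting distinct failed names rather than raw failures keeps a machine that retries one dead hostname (10.0.0.7 in the sample) from being flagged alongside the one cycling through many names.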

Jtaylor83

  • Guest
Re: Worm on April 1st
« Reply #1 on: March 25, 2009, 09:17:53 PM »
Quote
At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.

The other two options: Back up your personal documents before April Fools or buy an alternative OS such as a Mac or Linux.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48550
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Worm on April 1st
« Reply #2 on: March 25, 2009, 11:41:41 PM »
You could also not turn on your computer on April Fools Day.... ;D

jthomson3rd

  • Guest
Re: Worm on April 1st
« Reply #3 on: March 25, 2009, 11:45:08 PM »
I just read this... every news site has the story. Sounds crappy. Hope I'm not infected; I have many spyware searchers and Avast, so I think I'll be safe.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89025
  • No support PMs thanks
Re: Worm on April 1st
« Reply #4 on: March 26, 2009, 12:24:45 AM »
There is, I believe, another topic relating to this, and by all accounts there was a patch released about it. However, I never warn about things that 'might' happen, as that causes more paranoia than the actual problem.

April the 1st is just another day and I will continue as normal with my current security set-up, as it has stood the test of time against numerous so-called bad-assed viruses/viruses set to wreak havoc. Practice safe hex and ensure you have a back-up and recovery strategy if all else fails.

drhayden1

  • Guest
Re: Worm on April 1st
« Reply #5 on: March 26, 2009, 11:02:02 PM »
Just as DavidR said above, just practice safe methods,
but just in case:
http://www.bdtools.net/
a tool that will remove it.

Offline DavidR

Re: Worm on April 1st
« Reply #6 on: March 26, 2009, 11:18:12 PM »
Well that and ensuring your OS is fully up to date and patched.

Quote
WHAT TO DO BEFORE APRIL 1ST:
The best defense is to apply Microsoft Security Bulletin MS08-067 to eliminate the vulnerability. Administrators should ensure every system on their network, internal and external, physical and virtual, has the MS08-067 patch applied. Before trying to clean or detect any systems that may be infected with the Conficker virus, administrators must first apply the patch. Attempting to clean systems without first protecting them will only present a never-ending process of virus removal. By applying MS08-067, administrators will then be able to start the task of scanning for infected devices and restoring them back to their desired state.

WHAT TO DO AFTER APRIL 1ST:
If you have not installed the MS08-067 patch on all systems before April 1st, and systems are infected, researchers claim that you will not be able to apply the patch to the infected systems. You will have to manually remove the virus and then apply the patch. This can leave your system open for re-attack in the timeframe between removing the virus and applying the patch.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Worm on April 1st
« Reply #7 on: March 26, 2009, 11:26:08 PM »
The Bambleweeny 57 sub-meson brain is not vulnerable to this.

 8)

Jtaylor83

  • Guest
Re: Worm on April 1st
« Reply #8 on: March 27, 2009, 03:29:20 AM »
Even with the MS08-067 patch, the "C" variant can still spread.

I also figured out where this worm originated. China.



« Last Edit: March 27, 2009, 04:47:30 AM by Jtaylor83 »

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Worm on April 1st
« Reply #9 on: March 27, 2009, 04:17:01 AM »
Are you referring to the fact that the patch does not remove the problem from those already infected?