April 1st Internet Worm
Last Post 25 Mar 2009 02:06 PM by davesett2000. 2 Replies.
davesett2000
25 Mar 2009 02:06 PM

Just got this off of Yahoo Tech....

http://tech.yahoo.com/blogs/null/12...e-april-1/

Beware Conficker worm come April 1
Tue Mar 24, 2009 6:21PM EDT

In an event that hits the computer world only once every few years, security experts are racing against time to mitigate the impact of a bit of malware which is set to wreak havoc on a hard-coded date. As is often the case, that date is April 1.

Malware creators love to target April Fool's Day with their wares, and the latest worm, called Conficker C, could be one of the most damaging attacks we've seen in years.

Conficker first bubbled up in late 2008 and began making headlines in January as known infections topped 9 million computers. Now in its third variant, Conficker C, the worm has grown incredibly complicated, powerful, and virulent... though no one is quite sure exactly what it will do when D-Day arrives.

Thanks in part to a quarter-million-dollar bounty on the head of the writer of the worm, offered by Microsoft, security researchers are aggressively digging into the worm's code as they attempt to engineer a cure or find the writer before the deadline. What's known so far is that on April 1, all infected computers will come under the control of a master machine located somewhere across the web, at which point anything's possible. Will the zombie machines become denial of service attack pawns, steal personal information, wipe hard drives, or simply manifest more traditional malware pop-ups and extortion-like come-ons designed to sell you phony security software? No one knows.

Conficker is clever in the way it hides its tracks because it uses an enormous number of URLs to communicate with HQ. The first version of Conficker used just 250 addresses each day -- which security researchers and ICANN simply bought and/or disabled -- but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand.

At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.

Microsoft also offers a free online safety scan here, which should be able to detect all Conficker versions.

http://onecare.live.com/site/en-us/default.htm


    Life Member David BB Linkmeister US Army '78-'85 West Central Wisconsin Photobucket
davesett2000
31 Mar 2009 03:17 PM

A last minute article on the thing

http://tech.yahoo.com/blogs/null/132464

Last-minute Conficker Survival Guide
Tue Mar 31, 2009 1:42PM EDT

Tomorrow -- April 1 -- is D-Day for Conficker, as whatever nasty payload it's packing is currently set to activate. What happens come midnight is a mystery: Will it turn the millions of infected computers into spam-sending zombie robots? Or will it start capturing everything you type -- passwords, credit card numbers, etc. -- and send that information back to its masters?

No one knows, but we'll probably find out soon.

Or not. As Slate notes, Conficker is scheduled to go "live" on April 1, but whoever's controlling it could choose not to wreak havoc but instead do absolutely nothing, waiting for a time when there's less heat. They can do this because the way Conficker is designed is extremely clever: Rather than containing a list of specific, static instructions, Conficker reaches out to the web to receive updated marching orders via a huge list of websites it creates.

Conficker.C -- the latest bad boy -- will start checking 50,000 different semi-randomly-generated sites a day looking for instructions, so there's no way to shut down all of them. If just one of those sites goes live with legitimate instructions, Conficker keeps on trucking.

Conficker's a nasty little worm that takes serious efforts to bypass your security defenses, but you aren't without some tools in your arsenal to protect yourself.

Your first step should be the tools you already have: Windows Update, to make sure your computer is fully patched, and your current antivirus software, to make sure anything that slips through the cracks is caught.

But if Conficker's already on your machine, it may bypass certain subsystems and updating Windows and your antivirus at this point may not work. If you are worried about anything being amiss -- try booting into Safe Mode, which Conficker prevents, to check -- you should run a specialized tool to get rid of Conficker.

Microsoft offers a web-based scanner (note that some users have reported it crashed their machines; I had no trouble with it), so you might try one of these downloadable options instead: Symantec's Conficker (aka Downadup) tool, Trend Micro's Cleanup Engine, or Malwarebytes. Conficker may prevent your machine from accessing any of these websites, so you may have to download these tools from a known non-infected computer if you need them. Follow the instructions given on each site to run them successfully. (Also note: None of these tools should harm your computer if you don't have Conficker.)

As a final safety note, all users -- whether they're worried about an infection or know for sure they're clean -- are also wise to make a full data backup today.

What won't work? Turning your PC off tonight and back on on April 2 will not protect you from the worm (sorry to the dozens of people who wrote me asking if this would do the trick). Temporarily disconnecting your computer from the web won't help if the malware is already on your machine -- it will simply activate once you connect again. Changing the date on your PC will likely have no helpful effect, either. And yes, Macs are immune this time out. Follow the above instructions to detect and remove the worm.


davesett2000
13 Apr 2009 05:19 PM

This just off of Yahoo...

http://tech.yahoo.com/blogs/null/13...-it-works/

Conficker Eye Chart: How it works
Mon Apr 13, 2009 3:53PM EDT

Many readers have been wondering what the easiest way is to determine whether their computer has been infected with the Conficker worm. Previously I've pointed them to this

http://www.confickerworkinggroup.or...chart.html

and that recommendation still holds -- but now I want to respond to further questions about how it works.

First, some have looked at the spartan Eye Chart and have worried that it might be, at best, a sham designed to lull you into a false sense of security and, at worst, yet another delivery mechanism for the Conficker worm. It is neither.

The Conficker Eye Chart is in reality a very clever way to determine if your computer is compromised, and it doesn't require you to do anything but click one link.

Here's how it works, in brief: Visit the web page linked above and you'll see six images: The three on top are for security software websites, and the three on the bottom are the logos of various open source operating system distributions.

The clever part of all this is that the logos aren't actually being served from the web page linked above, but are rather drawn directly from the six different websites to which each logo belongs.

Conficker (as many other pieces of malware) blocks your web browser from reaching many security websites, so if you don't see some of the security logos on the page, you probably have a problem. Why include the open source logos below it? Because if they don't show up, you are probably simply experiencing an internet connectivity problem instead of being the victim of a malware attack.

Whatever you see on the Eye Chart page, just scroll down a bit to determine how to interpret the images in question. Different strains of Conficker will cause a different set of logos to appear (since Conficker.B doesn't block the SecureWorks logo). Of course, you should also remember that many other viruses and worms block access to security software websites, so not seeing some or all of the images could also be a symptom of a different infestation. If you see all the logos, you're probably in the clear.

One point to remember is that Conficker's creators -- or someone -- have been attempting to attack the Eye Chart page directly, so the page may not load at all. If that's the case, don't assume you have Conficker; it's probably just a temporary site outage.

Instead, try one of these other sites, which are also hosting the exact same Eye Chart and which will work exactly the same way.

http://www.joestewart.org/cfeyechart.html

http://www.baylor.edu/its/security/conficker/

http://www.talkbiz.com/confickertest/

If you have received the Conficker payload already, then the eyechart is useless because the revised payload allows the eye chart to work. An alternate way to see if you have Conficker is to try to visit the Windows Update website using IE. IE will halt and crash with the hourglass spinning if Conficker's payload has been installed. You can also try to run the automated Windows Update. If you can get it to run, you will see that all the updates fail to work. Manually trying to install a new version of IE will also fail. These are all good indications that you have Conficker installed.

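The Eye Chart interpretation rules from the last post, as an added example (not code from the article or from the Conficker Working Group): it takes per-site "did the logo load" results supplied by the caller (a constructed sample is embedded, nothing is fetched live), and the five site labels other than SecureWorks are placeholders, since the article does not name them.

```python
"""Interpret Eye-Chart-style logo-load results the way the article describes.

Three logos come from security-vendor sites, three from open-source OS
sites. Security logos missing while the open-source ones load suggests
blocking by malware; open-source logos missing suggests a connectivity
problem, so no verdict about infection can be drawn.
"""
from typing import Dict

# The article names only SecureWorks; the other labels are placeholders.
SECURITY_SITES = ("security_vendor_a", "security_vendor_b", "secureworks")
CONTROL_SITES = ("opensource_os_a", "opensource_os_b", "opensource_os_c")


def interpret_eye_chart(loaded: Dict[str, bool]) -> str:
    """Return a verdict from {site_label: logo_loaded} covering all six sites."""
    missing = [s for s in SECURITY_SITES + CONTROL_SITES if s not in loaded]
    if missing:
        raise ValueError(f"no result for: {', '.join(missing)}")

    sec_ok = [s for s in SECURITY_SITES if loaded[s]]
    ctl_ok = [s for s in CONTROL_SITES if loaded[s]]

    if len(ctl_ok) < len(CONTROL_SITES):
        # Control logos failing points at connectivity (or a site outage),
        # not at malware; the chart says nothing about infection here.
        return "inconclusive: open-source logos missing, check connectivity"
    if len(sec_ok) == len(SECURITY_SITES):
        return "probably clean: all logos loaded"
    if sec_ok == ["secureworks"]:
        # The article notes Conficker.B does not block the SecureWorks logo.
        return "likely infected: pattern consistent with Conficker.B"
    if not sec_ok:
        # Could be Conficker or another worm that blocks security sites.
        return "likely infected: all security sites blocked"
    return "suspicious: some security sites blocked"


# Constructed sample: security logos blocked, open-source logos load fine.
SAMPLE = {
    "security_vendor_a": False, "security_vendor_b": False, "secureworks": False,
    "opensource_os_a": True, "opensource_os_b": True, "opensource_os_c": True,
}

if __name__ == "__main__":
    print(interpret_eye_chart(SAMPLE))
```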