April Fool's Computer Virus

[sureLoss]

Just a heads up to make sure your (and anyone else that depends on you for IT support) virus scanner is uptodate.

http://edition.cnn.com/2009/TECH/03/...orm/index.html

Quote:

A computer-science detective story is playing out on the Internet as security experts try to hunt down a worm called Conficker C and prevent it from damaging millions of computers on April Fool's Day.



The anti-worm researchers have banded together in a group they call the Conficker Cabal. Members are searching for the malicious software program's author and for ways to do damage control if he or she can't be stopped.

They're motivated in part by a $250,000 bounty from Microsoft and also by what seems to be a sort of Dick Tracy ethic.

"We love catching bad guys," said Alvin Estevez, CEO of Enigma Software Group, which is one of many companies trying to crack Conficker. "We're like former hackers who like to catch other hackers. To us, we get almost a feather in our cap to be able to knock out that worm. We slap each other five when we're killing those infections."

The malicious program already is thought to have infected between 5 million and 10 million computers.

Those infections haven't spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines, said Don DeBolt, director of threat research for CA, a New York-based IT and software company.

What happens on April Fool's Day is anyone's guess.

[ken0042]

Seems to be a lot to do about nothing. The security flaw this exploits was patched with an update back in October.

In case you are missing the patch:
Security Update for Windows XP (KB958644)
Security Update for Windows Vista (KB958644)
Security Update for Windows 2000 (KB958644)

[Hack&Lube]

Quote:

Originally Posted by ken0042

Seems to be a lot to do about nothing. The security flaw this exploits was patched with an update back in October.

In case you are missing the patch:
Security Update for Windows XP (KB958644)
Security Update for Windows Vista (KB958644)
Security Update for Windows 2000 (KB958644)

I've found confickers buried deep on dozens of families and friends computers, removable storage, and other devices. Conficker is much more prevalent and resistant than you know. Security companies estimate that 30% of Windows PCs in the world are not patched. The U.K. Ministry of Defence said that it was found on Royal Navy Aircraft Carriers and Submarines. There are many people and even IT for companies that don't properly patch, auto-update, run any anti-malware or anti-virus, etc. and many of them don't even pick up certain variations of Conficker. Even NOD32 failed me and I had to turn to MalwareBytes to get it out of the home network.

Conficker hides on anything with storage, even USB sticks, SD cards in Cameras, Mp3 players, etc. Even if you are patched yourself, conficker can still be present and if you are passing files around on a USB stick, conficker can easily spread to friends, work, school computers, etc. There are probably 9-15 million infected computers out there.

[malcolmk14]

Quote:

Originally Posted by Hack&Lube

Conficker hides on anything with storage, even USB sticks, SD cards in Cameras, Mp3 players, etc. Even if you are patched yourself, conficker can still be present and if you are passing files around on a USB stick, conficker can easily spread to friends, work, school computers, etc. There are probably 9-15 million infected computers out there.

You still talking about Conficker? This sounds like HPV with some clever euphemisms.

[Canada 02]

so what happened?

[OBCT]

huh. All my computers are still running alright a day after.

Much ado about nothing?

[kukkudo]

some computers apparently got it, other than that it was mostly just media hype

http://www.techspot.com/news/34121-c...st-so-far.html

[Bobblehead]

It "called home" but it wasn't triggered to actually do anything.

It may be that there were enough checks put in place to stop anything from happening
or the writer was afraid to actually trigger anything
or the writer was just getting a count to see how many machines are infected.

I think that until the infected machines are patched, something bad may happen; but the longer the gap the more likely that this particular issue will become less of an issue.

[Hack&Lube]

And the real mass of infected computers are in asia. Like 80% of infected computers are over there and not here anyway.

[Barnes]

And yet another reason to not network the computers in our Battlestars.

[llama64]

I woke up to some crap about how Conflicker was going to eat my babies this morning. It's a worm used to create a massive botnet.

The media coverage has been just short of hysterical.

[Yeah_Baby]

Quote:

Originally Posted by Barnes

And yet another reason to not network the computers in our Battlestars.

Unless you plug in a lobotomized member of the final five.

[sclitheroe]

Quote:

Originally Posted by llama64

I woke up to some crap about how Conflicker was going to eat my babies this morning. It's a worm used to create a massive botnet.

The media coverage has been just short of hysterical.

Yes and no. Hysterical in the sense that the internet was going to die on April 1st, yes.

But Conficker should be treated with caution overall. It is designed to operate as a framework for criminal workloads, is designed to be updated and patched in the wild, and most interestingly, is designed to resist tampering and removal in the same ways that a lot of antivirus programs do. In other words, its far more capable and well written than a lot of worms that have come before it.

Read up on some of the ideas Conficker brings to the malware table: http://www.sophos.com/sophos/docs/en...r-analysis.pdf


I'm not suprised it didn't create a big stir on April 1st. Its out there, and it will be sold to the highest bidder on the black market.