Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

April Fool's Day Conficker worm?

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts
View previous topic :: View next topic  
Author Message
Daveski17
Warrior


Joined: 17 Oct 2008
Last Visit: 17 Jan 2013
Posts: 118
Location: Rainy Olde England

PostPosted: Tue Mar 31, 2009 10:02 am    Post subject: April Fool's Day Conficker worm? Reply with quote

SAN FRANCISCO (AP) -- Looks like you'll have to be on your toes for more than just the occasional innocent prank on April Fools Day.

Computer experts are warning about something called the Conficker worm, a bug that so far has infected at least 3 million PCs. Tech experts say many of the infected machines are set to begin "phoning home" to the worm's creators over the Internet on April 1. When that happens, the people behind it will be able to get the rogue program to send spam, more viruses, clog network traffic or even crash Web sites.

Don't panic just yet, though. Researchers who have been keeping tabs on Conficker say April Fools will probably come and go quietly, as least on the computing front. ~ WUSA 9.com


Anyone got any thoughts, or is this more April tomfoolery?


http://www.wusa9.com/news/watercooler/stor...83658&catid=148



Dunno Blue Grab
_________________
Cry, 'Havoc!' and let slip the dogs of war.

~ Shakespeare Julius Caesar
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 19 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Tue Mar 31, 2009 6:17 pm    Post subject: Reply with quote

No one really knows what might happen yet. There is the potential for the worm to infect thousands of more computers if users are not protected. The more infected computers in the bot net, the more damage can be done -- more spam, possible DDoS attacks and such. But since there's been a lot of publicity, the creators of conficker might not do anything on April 1 -- but they could up their attack at a later date.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 19 Aug 2014
Posts: 10323
Location: sunny California

PostPosted: Tue Mar 31, 2009 9:53 pm    Post subject: Reply with quote

There are two videos here with a really good explanation of how conficker works.

http://www.f-secure.com/weblog/archives/00001642.html
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
Daveski17
Warrior


Joined: 17 Oct 2008
Last Visit: 17 Jan 2013
Posts: 118
Location: Rainy Olde England

PostPosted: Tue Mar 31, 2009 10:48 pm    Post subject: Reply with quote

Very interesting.
_________________
Cry, 'Havoc!' and let slip the dogs of war.

~ Shakespeare Julius Caesar
Back to top
View user's profile Send private message
harrywaldron
Junior Member


Joined: 24 Jul 2007
Last Visit: 09 Apr 2009
Posts: 43
Location: Roanoke, Virginia

PostPosted: Fri Apr 03, 2009 6:03 am    Post subject: Reply with quote

So far the malware writers have not seeded additional updates on the "owned" botnet PCs to further update the Conficker worm. While it's been fairly quiet, further updates could occur this weekend or even a month from now. Certainly the bad guys don't want to start seeding new updates with the widespread coverage and everyone watching

The April 1st routine was mainly to update and not attack (although new malware attacks could originate later from an updated infected client). Below are some good security site resources to periodically check on developments (along with these good forums as well):

http://www.f-secure.com/weblog/
http://isc.sans.org/
http://www.avertlabs.com/research/blog/
http://blog.trendmicro.com/

AVERT is reporting a few UDP based updates via the highly encrypted P2P channel
http://www.avertlabs.com/research/blog/index.php/2009/04/01/confickerc-on-the-wire-2/

Quote:
There were a few instances where Conficker.C did discover peers out there, and exchanged short UDP packets with them over several minutes. We were extremely curious about them.


There were some spam "April Fools" hoaxes circulating attempting to alarm folks

http://www.f-secure.com/weblog/archives/00001645.html
http://blog.trendmicro.com/strange-april-foolsd-day-prank/


GREAT RESOURCE FOR CORPORATE ADMINS

Nmap 4.85 Beta6 released to Scan for Conficker Worm
http://insecure.org/
http://nmap.org/download.html


USE THIS LINK TO INSTANTLY CHECK YOUR PC FOR CONFICKER INFECTIONS
http://spywarewarrior.com/viewtopic.php?t=30533
Back to top
View user's profile Send private message Visit poster's website
harrywaldron
Junior Member


Joined: 24 Jul 2007
Last Visit: 09 Apr 2009
Posts: 43
Location: Roanoke, Virginia

PostPosted: Fri Apr 03, 2009 10:18 am    Post subject: Reply with quote

F-Secure has a good FAQ providing the latest developments on this Internet worm:

Conficker - Post April 1st FAQ
http://www.f-secure.com/weblog/archives/00001647.html

Quote:
What really happened was that the Conficker Working Group was able to prevent them from registering any of the domains used by the worm. Never before have we seen such a global cooperation within the industry and we're proud to be a member of that group. Also, it would've been pretty stupid for the people behind Conficker to do something on the day everyone expected them to.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Virus, Worm &Trojan Alerts All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group