Thread: April Fools may be on you-- the Conficker Virus

  1. #1
    Bokks's Avatar Thinking outside Myself
    Join Date
    Jan 2007
    Location
    Storrs, Connecticut, USA
    Posts
    3,441

    Default April Fools may be on you-- the Conficker Virus

    All right everyone, there's a really nasty bug going around and I don't mean that it's flu season. Projected to go active on April Fools Day--so unfortunately some of you might be reading this past the date that it's set to go off--is the Conficker Virus, a really nasty little computer virus that could destroy everything on your computer, including corrupting some of your mods for the TW series.

    To better protect yourself I recommend looking at these articles, and make sure that you have scanned your computer with the most comprehensive thing you have recently.

    Also, a few notes of interest, Macs are (once again) immune to this... this may extend to some sort of Firefox immunity too, but I don't know and it's worth protecting yourself even if you have a Mac.

    Windows Announcement
    Quote Originally Posted by Microsoft
    Protect yourself from the Conficker computer worm

    Published: March 27, 2009
    The Conficker worm is a computer worm that can infect your computer and spread itself to other computers across a network automatically, without human interaction.
    If you are an IT professional, please visit Conficker Worm: Help Protect Windows from Conficker.
    Am I at risk of having the Conficker worm?

    Most antivirus software could detect and block the Conficker worm, so if you have updated antivirus software on your computer, you are at a much lower risk of being infected by the Conficker worm.
    If you or your network administrator have not installed the latest security updates from Microsoft and your antivirus provider, and if you have file-sharing turned on, the Conficker worm could allow remote code execution. Remote code execution allows an attacker to take control of your computer and use it for malicious purposes.
    What does the Conficker worm do?

    To date, security researchers have discovered two variants of the worm in the wild.
    Win32/Conficker.A was reported to Microsoft on November 21, 2008.

    Win32/Conficker.B was reported to Microsoft on December 29, 2008.

    Win32/Conficker.C was reported to Microsoft on February 20, 2009.

    Win32/Conficker.D was reported to Microsoft on March 4, 2009.

    Win32/Conficker.B might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives). The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog will show one additional option.
    The Conficker worm can also disable important services on your computer.
    In the screenshot of the Autoplay dialog box below, the option Open folder to view files — Publisher not specified was added by the worm. The highlighted option — Open folder to view files — using Windows Explorer is the option that Windows provides and the option you should use.
    If you select the first option, the worm executes and can begin to spread itself to other computers.

    The option Open folder to view files — Publisher not specified was added by the worm.


    How does the Conficker worm work?

    Here’s an illustration of how the Conficker worm works.





    How do I remove the Conficker worm?

    If your computer is infected with the Conficker worm, you may be unable to download certain security products, such as the Microsoft Malicious Software Removal Tool, or to access certain Web sites, such as Microsoft Update. If you can't access those tools, try using the Windows Live OneCare Safety Scanner.
    Where can I find more technical information about the Conficker worm and how can I stay up to date on the Conficker worm?

    • For additional information, see Centralized Information About the Conficker Worm.

    • For more technical information about the Conficker worm, see the Microsoft Malware Protection Center Virus Encyclopedia.

    • Bookmark the Microsoft Malware Protection Center portal and the Microsoft Malware Protection Center blog for updated information.

    • For symptoms and detailed information about how to remove the Conficker worm, see Help and Support: Virus alert about the Conficker Worm.

    • To continue to get updated information on security, sign up for the Microsoft Security for Home Computer Users newsletter.

    For more information, see How to prevent computer worms and How to remove computer worms.


    Yahoo's two bits

    Quote Originally Posted by The Article
    Last Minute Conficker Survival Guide

    Tomorrow -- April 1 -- is D-Day for Conficker, as whatever nasty payload it's packing is currently set to activate. What happens come midnight is a mystery: Will it turn the millions of infected computers into spam-sending zombie robots? Or will it start capturing everything you type -- passwords, credit card numbers, etc. -- and send that information back to its masters?
    No one knows, but we'll probably find out soon.
    Or not. As Slate notes, Conficker is scheduled to go "live" on April 1, but whoever's controlling it could choose not to wreak havoc but instead do absolutely nothing, waiting for a time when there's less heat. They can do this because the way Conficker is designed is extremely clever: Rather than containing a list of specific, static instructions, Conficker reaches out to the web to receive updated marching orders via a huge list of websites it creates. Conficker.C -- the latest bad boy -- will start checking 50,000 different semi-randomly-generated sites a day looking for instructions, so there's no way to shut down all of them. If just one of those sites goes live with legitimate instructions, Conficker keeps on trucking.
    Conficker's a nasty little worm that takes serious efforts to bypass your security defenses, but you aren't without some tools in your arsenal to protect yourself.
    Your first step should be the tools you already have: Windows Update, to make sure your computer is fully patched, and your current antivirus software, to make sure anything that slips through the cracks is caught.
    But if Conficker's already on your machine, it may bypass certain subsystems and updating Windows and your antivirus at this point may not work. If you are worried about anything being amiss -- try booting into Safe Mode, which Conficker prevents, to check -- you should run a specialized tool to get rid of Conficker.
    Microsoft offers a web-based scanner (note that some users have reported it crashed their machines; I had no trouble with it), so you might try one of these downloadable options instead: Symantec's Conficker (aka Downadup) tool, Trend Micro's Cleanup Engine, or Malwarebytes. Conficker may prevent your machine from accessing any of these websites, so you may have to download these tools from a known non-infected computer if you need them. Follow the instructions given on each site to run them successfully. (Also note: None of these tools should harm your computer if you don't have Conficker.)
    As a final safety note, all users -- whether they're worried about an infection or know for sure they're clean -- are also wise to make a full data backup today.
    What won't work? Turning your PC off tonight and back on on April 2 will not protect you from the worm (sorry to the dozens of people who wrote me asking if this would do the trick). Temporarily disconnecting your computer from the web won't help if the malware is already on your machine -- it will simply activate once you connect again. Changing the date on your PC will likely have no helpful effect, either. And yes, Macs are immune this time out. Follow the above instructions to detect and remove the worm.


    Beyond all of this, Darth Ravenous gave me this link to the Microsoft site that can scan your computer and give you some powerful anti-virus software. An important detail about the Conficker Virus is that it doesn't allow you to download new virus protection, so if you can't activate something from there or another virus protection software package that you trust you might have the virus in your computer.

    Beyond that, Happy April Fools Day, everyone, and that's no joke.
    Patronized by Vɛrbalcartɷnist|Great-Great-Grandclient of Crandar
    Thinking Outside the Bokks since 2008...
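
Both quoted articles and the post above describe the same symptom: an infected machine may be unable to reach security sites while other browsing still works. The following is an added example, not part of the original thread or either article, of a check for that pattern; the hostnames and the verdict names are assumptions chosen for illustration.

```python
import socket

# Assumed hostnames for the vendors named in the articles above.
SECURITY_HOSTS = [
    "www.microsoft.com",
    "www.symantec.com",
    "www.trendmicro.com",
    "www.malwarebytes.com",
]
# Assumed unrelated sites, used as a baseline for "the network works at all".
CONTROL_HOSTS = ["www.wikipedia.org", "www.example.com"]


def resolves(host):
    """Return True if the local resolver can look up `host`."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(security_hosts, control_hosts, resolver=resolves):
    """Compare lookups of security sites against control sites.

    Returns (verdict, blocked_security_hosts). Verdicts:
      offline    - no control site resolved, so there is no baseline
      suspicious - control sites resolve but no security site does
      partial    - some security sites fail; check filtering or outages
      clear      - every security site resolved
    """
    blocked = [h for h in security_hosts if not resolver(h)]
    baseline = any(resolver(h) for h in control_hosts)
    if not baseline:
        return "offline", blocked
    if len(blocked) == len(security_hosts):
        return "suspicious", blocked
    if blocked:
        return "partial", blocked
    return "clear", blocked


if __name__ == "__main__":
    verdict, blocked = assess(SECURITY_HOSTS, CONTROL_HOSTS)
    print("verdict:", verdict)
    for host in blocked:
        print("  could not resolve:", host)
```

A "clear" result only shows that this one symptom is absent, and corporate DNS filtering can also produce "partial" or "suspicious", so treat the verdict as a reason to run one of the removal tools from known-clean media, not as a diagnosis.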

  2. #2
    ★Bandiera Rossa☭'s Avatar The Red Menace
    Join Date
    Feb 2007
    Location
    California, USA
    Posts
    6,237

    Default Re: April Fools may be on you-- the Conficker Virus

    Do not use the TOR network for the time being. It has had some issues with this worm.

