I was reading a story this morning from Yahoo about the Conficker worm that comes out every year on April 1st. The first Conficker worm was sent out in 2008 and infected over 9 million computers. Now it's on its third version, Conficker C, and is "incredibly complicated, powerful, and virulent".
Microsoft has offered a quarter million dollar bounty on the writer of the worm and is trying to find a solution before April 1st gets here. They say:
And from the Windows Live OneCare website:
"What's known so far is that on April 1, all infected computers will come under the control of a master machine located somewhere across the web, at which point anything's possible. Will the zombie machines become denial of service attack pawns, steal personal information, wipe hard drives, or simply manifest more traditional malware pop-ups and extortion-like come-ons designed to sell you phony security software? No one knows.
Conficker is clever in the way it hides its tracks because it uses an enormous number of URLs to communicate with HQ. The first version of Conficker used just 250 addresses each day -- which security researchers and ICANN simply bought and/or disabled -- but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand.
At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.
Microsoft also offers a free online safety scan here, which should be able to detect all Conficker versions."
How do I know if my computer is infected?
So I thought, well, I'm safe, I have McAfee...I have Spyzooka...I automatically update and have my firewall and Windows Defender set up to run automatically...I'm good, right?
The following system changes may indicate the presence of this malware:
- The following services are disabled or fail to run:
  - Windows Update Service
  - Background Intelligent Transfer Service
  - Windows Error Reporting Services
- Some accounts may be locked out due to the following registry modification, which may flood the network with connections:
  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  "TcpNumConnections" = "0x00FFFFFE"
- Users may not be able to connect to websites or online services that contain the following strings:
  - virus
Then I looked in my system tray and NOTHING WAS THERE! Windows Defender had been turned off; McAfee off; Spyzooka off. Ack! I immediately stopped what I was doing and ran every kind of scan I have. I found several viruses.
I'm glad I came across the story and checked into my own PC. I hope y'all check yours too. This could be bad, bad, bad.
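The system changes quoted above (disabled services and the TcpNumConnections registry value) can be checked from PowerShell. This is an added example, not part of the original post or of Microsoft's guidance; the short service names (wuauserv, BITS, WerSvc, WinDefend) are an assumed mapping of the display names in the post, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only check for the indicators quoted in the post.
# Assumes PowerShell 3.0+; run elevated so all services and keys are readable.

# Short service names are an assumed mapping of the display names in the post.
$services = [ordered]@{
    wuauserv  = 'Windows Update'
    BITS      = 'Background Intelligent Transfer Service'
    WerSvc    = 'Windows Error Reporting Service'
    WinDefend = 'Windows Defender'
}

$results = @(foreach ($name in $services.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check   = $services[$name]
        Value   = if ($svc) { "$($svc.StartMode) / $($svc.State)" } else { 'not present' }
        # Manual-start services are often stopped when idle, so only a
        # Disabled start mode is flagged here.
        Suspect = ($null -ne $svc -and $svc.StartMode -eq 'Disabled')
    }
})

# Registry value named in the post.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$tcp = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).TcpNumConnections
$results += [pscustomobject]@{
    Check   = 'TcpNumConnections'
    Value   = if ($null -ne $tcp) { '0x{0:X8}' -f $tcp } else { 'not set' }
    Suspect = ($tcp -eq 0x00FFFFFE)
}

$results | Format-Table -AutoSize
$hits = @($results | Where-Object Suspect)
if ($hits.Count) {
    Write-Warning "$($hits.Count) check(s) match the changes described in the post; run a full scan."
} else {
    Write-Output 'None of the listed changes were found.'
}
```

A service reported as "not present" is not flagged, since not every Windows version ships all four services.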