I was reading a story this morning from Yahoo about the Conficker worm that comes out every year on April 1st. The first Conficker worm was sent out in 2008 and infected over 9 million computers. Now it's on its third version, Conficker C, and is "incredibly complicated, powerful, and virulent".
Microsoft has offered a quarter-million-dollar bounty on the writer of the worm and is trying to find a solution before April 1st gets here. They say:
And from the Windows Live OneCare website: "What's known so far is that on April 1, all infected computers will come under the control of a master machine located somewhere across the web, at which point anything's possible. Will the zombie machines become denial of service attack pawns, steal personal information, wipe hard drives, or simply manifest more traditional malware pop-ups and extortion-like come-ons designed to sell you phony security software? No one knows.
Conficker is clever in the way it hides its tracks because it uses an enormous number of URLs to communicate with HQ. The first version of Conficker used just 250 addresses each day -- which security researchers and ICANN simply bought and/or disabled -- but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand.
At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it.
Microsoft also offers a free online safety scan here, which should be able to detect all Conficker versions."
How do I know if my computer is infected?
System Changes
So I thought, well, I'm safe, I have McAfee...I have Spyzooka...I automatically update and have my firewall and Windows Defender set up to run automatically...I'm good, right?
The following system changes may indicate the presence of this malware:
- The following services are disabled or fail to run:
Windows Update Service
Background Intelligent Transfer Service
Windows Defender
Windows Error Reporting Services
- Some accounts may be locked out due to the following registry modification, which may flood the network with connections:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"TcpNumConnections" = "0x00FFFFFE"
- Users may not be able to connect to websites or online services that contain the following strings:
virus
spyware
malware
rootkit
defender
microsoft
symantec
norton
mcafee
trendmicro
sophos
panda
etrust
networkassociates
computerassociates
f-secure
kaspersky
jotti
f-prot
nod32
eset
grisoft
drweb
centralcommand
ahnlab
esafe
avast
avira
quickheal
comodo
clamav
ewido
fortinet
gdata
hacksoft
hauri
ikarus
k7computing
norman
pctools
prevx
rising
securecomputing
sunbelt
emsisoft
arcabit
cpsecure
spamhaus
castlecops
threatexpert
wilderssecurity
windowsupdate
Then I looked in my system tray and NOTHING WAS THERE! Windows Defender had been turned off; McAfee off; Spyzooka off. Ack! I immediately stopped what I was doing and ran every kind of scan I have. I found several viruses.
I'm glad I came across the story and checked into my own PC. I hope y'all check yours too. This could be bad, bad, bad.
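A read-only PowerShell check for the service and registry changes listed above, added here as an example and not taken from the original post or from Microsoft. The short service names (wuauserv, BITS, WinDefend, WerSvc) are assumptions mapped from the display names in the list; run it from an elevated prompt.

```powershell
# Added example, not from the original post. It only reads state; it changes nothing.
# Short service names are assumptions mapped from the display names in the list.
$expected = [ordered]@{
    wuauserv  = 'Windows Update Service'
    BITS      = 'Background Intelligent Transfer Service'
    WinDefend = 'Windows Defender'
    WerSvc    = 'Windows Error Reporting Service'
}

$findings = foreach ($name in $expected.Keys) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Absent services are not in the list of changes, but are worth a manual look.
        [pscustomobject]@{ Check = $expected[$name]; Observed = 'not installed'; Flag = 'review' }
    }
    else {
        # Several of these are manual-start and normally stopped, so only a
        # Disabled start mode is flagged, matching "services are disabled".
        $flag = if ($svc.StartMode -eq 'Disabled') { 'SUSPICIOUS' } else { 'ok' }
        [pscustomobject]@{
            Check    = $expected[$name]
            Observed = "StartMode=$($svc.StartMode), State=$($svc.State)"
            Flag     = $flag
        }
    }
}

# Registry value from the list: TcpNumConnections = 0x00FFFFFE
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$val = (Get-ItemProperty -Path $key -Name TcpNumConnections -ErrorAction SilentlyContinue).TcpNumConnections

$regFinding = if ($null -eq $val) {
    [pscustomobject]@{ Check = 'TcpNumConnections'; Observed = 'value not set'; Flag = 'ok' }
}
elseif ($val -eq 0x00FFFFFE) {
    [pscustomobject]@{ Check = 'TcpNumConnections'; Observed = ('0x{0:X8}' -f $val); Flag = 'SUSPICIOUS' }
}
else {
    [pscustomobject]@{ Check = 'TcpNumConnections'; Observed = ('0x{0:X8}' -f $val); Flag = 'review' }
}

@($findings) + $regFinding | Format-Table -AutoSize
```

A SUSPICIOUS row is a reason to run a full scan with up-to-date tools, since a disabled service can also come from an administrator's own configuration.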
1 COMMENTS:
Ouch. This sounds pretty painful. I have a feeling that I'm pretty vulnerable. Thanks for the info. I'll put it to good use.