Conficker Computer Worm To Evolve On 01 April


livinthailandos

Hope you guys are prepared for this new bug that should activate on April 1. (Note: the program does not infect Macintosh or Linux-based computers, or so the article says.) Mostly it's hitting pirated Windows; gee, I'm sure there are quite a few here in Thailand. If you guys watched BBC Click this week when they got a botnet, I saw quite a few computers based in Thailand. Article link is here:

http://bits.blogs.nytimes.com/2009/03/19/t...kable-disaster/

Link to comment
Share on other sites

According to here: http://www.microsoft.com/technet/security/...n/MS08-067.mspx , Windows XP Service Pack 2 and Windows XP Service Pack 3 are fixed by the update "Windowsxp-kb958644-x86-enu". So if you have automatic updates ON, you should be OK.

(Also, I have an uninstall folder in my C:\Windows folder called "$NtUninstallKB958644$", so I guess this fix was automatically installed by the normal Windows Update process.)

Link to comment
Share on other sites
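The check described in the post above (the KB958644 update and its `$NtUninstallKB958644$` folder) can be scripted. This is an added example, not part of the original thread and not Microsoft's own tooling; the function name `Test-MS08067Patch` and its output fields are hypothetical.

```powershell
# Added example: gather evidence that the MS08-067 fix (KB958644) is installed.
function Test-MS08067Patch {
    param(
        [string]$KbId = 'KB958644',          # update named in the post above
        [string]$WindowsDir = $env:windir    # normally C:\Windows
    )

    # 1. Installed-hotfix record kept by Windows. @() guarantees an array,
    #    so .Count is 0 when the KB is not listed.
    $hotfix = @(Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    # 2. XP-style uninstall folder the poster found. Single quotes keep the
    #    literal '$' characters that are part of the folder name.
    $uninstallDir = Join-Path $WindowsDir ('$NtUninstall' + $KbId + '$')
    $hasDir = Test-Path -LiteralPath $uninstallDir -PathType Container

    # 3. Is the Automatic Updates service (wuauserv) actually running?
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    $wuRunning = ($wu -ne $null) -and ($wu.Status -eq 'Running')

    # Either source counts as evidence. Absence of both is NOT proof the
    # machine is unpatched: the folder can be deleted to save disk space,
    # and the fix may have arrived through a later cumulative update.
    if ($hotfix.Count -gt 0 -or $hasDir) {
        $verdict = 'PatchEvidenceFound'
    } else {
        $verdict = 'NoEvidenceFound'
    }

    New-Object PSObject -Property @{
        KbId              = $KbId
        HotfixRecorded    = ($hotfix.Count -gt 0)
        UninstallFolder   = $hasDir
        AutoUpdateRunning = $wuRunning
        Verdict           = $verdict
    }
}

Test-MS08067Patch | Format-List
```

A `NoEvidenceFound` result on a machine with `AutoUpdateRunning` set to `False` is the case to follow up by installing the update manually.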

avast! is ready for 1 April; are you?

April 1st is a date often targeted by the creators of malware and this year will be no exception. There are currently a lot of reports in the media about potential new virus threats and speculation about the potential impact of new viruses such as the Conficker worm. However, provided your computer’s operating system and your avast! antivirus are up to date, the risk is very small and there is no need to be unduly concerned.

To ensure you are protected against any potential new malware threats, before March 31st you should make sure that your antivirus program and virus definitions are completely up-to-date and that you have installed all available Windows security updates. We recommend checking that avast! is set to update itself and the virus database automatically – to check this, right click your avast! a-ball in the bottom right corner of your screen, select “Program settings” and then “Update (Basic)”. Here you should make sure that the virus database is set to “automatic”.

Also, whenever you switch on your computer, make sure that avast! is actually running. Some viruses are designed to specifically target antivirus programs and to turn them off, however avast! contains strong self-defense which is designed to prevent this. If avast! is running, you should see the normal blue a-ball in the bottom right corner of your screen. If it is switched off, it will contain a circle with a red line through it.

And finally, make sure that you have the latest Windows security updates. In particular, the Conficker worm takes advantage of a Windows vulnerability which Microsoft fixed in late 2008. Users of Windows Vista or XP (SP2 and higher) should have had this update installed automatically.

- message from my anti-virus s/w.

Link to comment
Share on other sites

Anyone know where there is a list of updates that M$ have issued and their ratings (important, critical, etc.) since the last service packs, for those that don't like to use the 'auto-update' feature of Windows?

Link to comment
Share on other sites

You can create your own XP installer boot CD with the latest patches. You obviously need an XP boot CD to start with. As a checkpoint, use a boot CD patched with SP3.

This is what I do.

1. BACK STUFF UP

2. Download nlite URL: http://www.nliteos.com/

3. Download RyanVM integrator: http://integrator.siginetsoftware.com/index.php?download

4. Download the latest post SP3 update pack - that's every update after SP3: http://red.caek.org/addons/

5. Run nlite, copy your XP/SP3 cd to your HD

6. Run RyanVM integrator, apply the post SP3 update patch

7. OPTIONAL: run nlite and get rid of all that extra CR*P that microsoft put in the install

8. Run nlite, create and burn the boot cd

9. Install your new patched xp

Ernest

Link to comment
Share on other sites

"Of course, if you've set Windows to install Microsoft security patches automatically and have kept your anti-virus utility current, you should be safe. So if you haven't been downloading those updates, now would be a swell time to start."

Right at the same time MS is issuing new WGA via auto updates, which turns off pirated Windows XP Pro.

Conficker may have its real org. in Redmond? :o Just kidding!

Have your live Linux CD ready to download the fixes, as this Conficker locks out security sites and MS web sites.

Link to comment
Share on other sites

Conficker computer worm to evolve on April Fool's Day

A TENACIOUS computer worm which has wriggled its way onto machines worldwide is set to evolve on April Fool's Day, becoming harder to exterminate but not expected to wreak havoc.

A task force assembled by Microsoft has been working to stamp out the worm, referred to as Conficker or DownAdUP, and the US software colossus has placed a bounty of $US250,000 ($A354,962) on the heads of those responsible for the threat.

The worm is programmed to modify itself on Wednesday to become harder to stop, according to Trend Micro threat researcher Paul Ferguson, who is part of the Conficker task force.

"There is no evidence of it going into attack mode or dropping any particular payload on April 1st," Ferguson said.

"What people controlling the botnet are doing is building in survivability because of efforts by the good guys to lessen the harm of this thing."

The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows RPC Server Service.

It can infect machines from the Internet or by hiding on USB memory sticks carrying data from one computer to another. Once in a computer it digs deep, setting up defences that make it hard to extract.

Malware could be triggered to steal data or turn control of infected computers over to hackers amassing "zombie" machines into “botnet” armies.

A troubling aspect of Conficker is that it harnesses computing power of a botnet to crack passwords.

Microsoft has modified its free Malicious Software Removal Tool to detect and get rid of Conficker.

"As this threat continues to evolve, Microsoft and other collaborative companies will continue to identify new ways to disrupt the Conficker threat to give customers more time to update their systems," said Christopher Budd, security response communication lead for Microsoft.

Computer users are advised to stay current on anti-virus tools and Windows updates, and to protect computers and files with strong passwords.

Conficker is programmed to reach out to 250 websites daily to download commands from its masters.

Link to comment
Share on other sites

From what I have read, there are 3 versions of the worm. Only the "C" variant which is not that widespread is supposed to activate and do "stuff" on 1st April.

Now being a paranoid sod, I have the free versions of AVG 8.5, Bitdefender 10 loaded, Spybot S&D, PeerGuardian 2 and finally Sygate Personal Firewall (excellent and free).

Ernest

Link to comment
Share on other sites