April Fools Virus: Conficker C Removal Tool

by Jordan Yerman | March 25, 2009 at 07:10 am

Update: April 1 is here, and no real activity from the Conficker C worm.

While reports have surfaced of infected machines calling for (possible) further instructions, nothing has actually happened yet. This could be by design, or the entire point of the April Fool's worm: an April Fool's joke. Either way, if you're a PC user, you should have already run the Sophos removal tool and double-checked with the MS diagnostic, both linked below.

Also, check out this "eye-chart" Conficker detection method: apparently it's more precise than a generic system scan.

I've never seen a piece of malicious code get this much press before, and almost wrote a cyberpocalyptic April Fool's story about it... but didn't have the heart.

Update: One day to go before the Conficker C worm (aka "April Fools Worm") self-activates. PC owners are scouring the web looking for solutions, checking in with Symantec and MSN for answers (check below to save yourself the headache). I bet quite a few are doing full re-installs, just to be sure. The US Department of Homeland Security released an anti-Conficker tool that's freely available to... itself. Thanks, guys. I suggest checking out either the link below, or the latest MSRT (Malicious Software Removal Tool) from Microsoft.

Meanwhile, it's past midnight in Australia and I'm not hearing of any mass worm-borne chaos, so perhaps this is the desired effect of the infection.

Update: There's a break in the Conficker C worm hunt: Honeynet Project, a German research group, was able to fingerprint Conficker malware on infected machines. However, the diagnostic tools used are enterprise-caliber, most likely used by businesses, and not by individuals. Two days remain before the worm does... whatever it's supposed to do.

Anyone with a network scanner, which trolls infrastructure for oddities, has two days to find the Conficker worm and mitigate it. And what entities are most likely to have network scanners? Enterprises. The Honeynet Project has released a proof of concept scanner and enterprise scanners from the likes of Tenable (Nessus), McAfee/Foundstone, nmap, ncircle, and Qualys will follow.

The mysterious and virulent Conficker C worm continues to metastasize across the Internet, leaving infected PCs in its wake. I say "mysterious" because nobody seems to know what Conficker C actually does, beyond replicating itself. The security community is saying that this is only the first stage of the worm's attack: once the botnet is created, then it will reach out on April 1 to get directions from whom/whatever controls it. (Before we go any further, here's the Conficker Removal Tool, courtesy of Sophos)

Video: How Conficker infects Autorun_inf (sourced by Jordan Yerman)

It could be a big April Fool's hoax (oh, I hope so), but either way its high media profile draws attention to the overall threat of PC infection. Indeed, Conficker C isn't necessarily more spreadable than the myriad other threats out there, but the April-1st angle has a sexy scare element to it.

The Conficker C Internet worm is a brand-new, sophisticated computer virus that latches onto Windows PCs via unreliable websites and infected downloads. It exploits weaknesses in Microsoft's operating system and conceals itself on a hard drive, lying dormant until April 1 when it will "call home" and search for new instructions from its originator, say Internet experts.

Jose Nazario, manager of security research at Arbor Networks, claimed that it had been a "busy three weeks" in researching the next likely actions of the worm, which hit an estimated nine million computers at the beginning of the year.

Meanwhile, Canada (or its domain embodiment, .ca) is dead-set to make sure the welcome mat is not rolled out for the worm.
CIRA said Tuesday that it is taking a number of steps to stop the Conficker worm, also known as the Downandup worm, from using the .ca domain to perform malicious actions on behalf of those who control it.

Oh, and if you think you're safe with IE8... you're not. At all.

1
Rhonda J Mangus

Thanks for this, Jordan!

1
Conficker

In addition to running the removal tool, users should also download the appropriate security updates from Microsoft.

0
Vick

Also, as additional information, it is said to do great damage to Win XP SP3 and Vista users. Downloading the Microsoft updates won't hurt you.

0
sohail20

http://mycheckdiseasepro.cn/?wm=70083
There's the source of the infection^^^
Here's a fix for this:

Worried about the Conficker worm striking on April 1st? A few simple steps can protect you.

Target: All users of Windows XP and Windows Vista.

tool:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDwndp.exe

source:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_promo_conficker_worm

0
Pythiian1

My university is doing well even with a large campus in multiple sites. Maybe it's an April Fool's joke? Just wondering ...

This story was created over 3 months ago, the comment thread is now closed.

First Flagged at 11:08 AM, Mar 25, 2009 by deleted_user_85309