Conficker C Worm on April fools day (No Joke)

[cycloneye]

It looks like we will have to be watching our computers to see if this worm appears.In the link below the excerpt and example you can see how you can detect it.

-- A computer-science detective story is playing out on the Internet as security experts try to hunt down a worm called Conficker C and prevent it from damaging millions of computers on April Fool's Day.

This piece of computer code tells the worm to activate on April 1, 2009, researchers at CA found.

The anti-worm researchers have banded together in a group they call the Conficker Cabal. Members are searching for the malicious software program's author and for ways to do damage control if he or she can't be stopped.

They're motivated in part by a $250,000 bounty from Microsoft and also by what seems to be a sort of Dick Tracy ethic.

"We love catching bad guys," said Alvin Estevez, CEO of Enigma Software Group, which is one of many companies trying to crack Conficker. "We're like former hackers who like to catch other hackers. To us, we get almost a feather in our cap to be able to knock out that worm. We slap each other five when we're killing those infections."

The malicious program already is thought to have infected between 5 million and 10 million computers.

Those infections haven't spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines, said Don DeBolt, director of threat research for CA, a New York-based IT and software company.

What happens on April Fool's Day is anyone's guess.

The program could delete all of the files on a person's computer, use zombie PCs -- those controlled by a master -- to overwhelm and shut down Web sites or monitor a person's keyboard strokes to collect private information like passwords or bank account information, experts said.

Story Highlights
The Conficker C computer worm is expected to activate on April Fool's Day

The worm lets a master computer take over infected zombie PCs

It's unclear what the program's author plans to do with all the power

A group called the Conficker Cabal is trying to hunt down solutions




http://edition.cnn.com/2009/TECH/03/24/ ... index.html

[bvigal]

Thanks for posting this, Luis! Did some research, here's what I found.

Quick search of CA (Computer Associates) for Conficker found nothing, maybe they have it listed under another name. Didn't waste a lot of time there, found it on several security software sites, though most relevant is Microsoft, because the worm exploits vulnerability MS08-067.

New variant "C" documented yesterday, March 24: http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.C

Above article also refers as preventative to MS08-067, which was documented and patched in MS Critical Updates of October, 2008. Here's the link:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Once the worm infects a computer, MS Updates and Malicious Software Removal Tools may not function. If your computer has a date anytime following Jan 1, you are vulnerable, don't wait for April 1 to do MS updates and keep antivirus defs updated.

[cycloneye]

I am bumping this as tommorow is D-Day or not? The latest info at link.

http://www.foxnews.com/story/0,2933,511813,00.html

[abajan]

It might be wise to simply stay offline tomorrow.

[cycloneye]

abajan,I am afraid that wont protect you.Read info about how to protect from the worm at link.

What won't work? Turning your PC off tonight and back on on April 2 will not protect you from the worm. Temporarily disconnecting your computer from the web won't help if the malware is already on your machine -- it will simply activate once you connect again. Changing the date on your PC will likely have no helpful effect, either. And yes, Macs are immune this time out. Follow the instructions to detect and remove the worm.

http://tech.yahoo.com/blogs/null/132464

[JonathanBelles]

I just ran norton a little while ago and it turned up nothing, but is there a patch out there for it? I know I will be nervous when I wake up in the morning.

[cycloneye]

The worm fails to show up.I was wondering when I turned on my PC what would happen,but here I am.

http://news.bbc.co.uk/2/hi/technology/7976099.stm

[coriolis]

I stayed up late last night, made sure my software was updated, backed up my important documents, deleted files containing passwords, and then nothing happened.

Good things to do anyway...

[LilGrimmy]

Is there any way it will effect a Mac? All I have on my laptop now is FireWall. I don't have any other program. Will it be ok?

[x-y-no]

Is there any way it will effect a Mac? All I have on my laptop now is FireWall. I don't have any other program. Will it be ok?

No. It's purely a Microsoft Windows exploit.

[LilGrimmy]

Is there any way it will effect a Mac? All I have on my laptop now is FireWall. I don't have any other program. Will it be ok?

No. It's purely a Microsoft Windows exploit.

Thanks! I was so worried! Well lets hope someone gets this under control!

[coriolis]

It'll never get under control. Good guys vs. bad guys.
As long as the bad guys have a profit motive they'll keep on doing their thing.

It's so much like virus's in the biological realm. The virus's keep mutating and morphing, and our immune system has to react to them.