The media hasn’t mentioned Conficker for a while so I figured I’d give you a little update about what it’s doing. BTW, I’m referring to the media as the mainstream news broadcasters, not the tech blogs/sites out there which most IT people tend to always follow.
It’s been nearly 2 weeks since the April 1st doomsday. Last week, Conficker decided to silently start updating itself. It began downloading a variation of Waledac on April 7th. It is fake antispyware/antivirus software much like Antivirus 2009. It will attempt to trick you into purchasing its “services” for some amount. If you fall for the trick, congratulations, your credit card is now in the hands of hackers.
Once again, make sure your computer has the Windows updates. More specifically, make sure the MS08-067 patch is installed. Also, make sure you have the latest antivirus updates.
You can also run Malwarebytes, which has had a good track record lately in detecting rogue software.
PS: AVG Free users, from experience, this anti virus software is like having no anti virus software installed. Get a new one! (I don’t have time to get into specifics)
Symantec Threat Center – Downadup.E
McAfee Avert Blogs
The media hasn’t talked about Conficker (Downadup) for a while now. Possibly because they’ve already frightened you and have nothing else really to say unless it’s something like the internet will spontaneously combust or your personal computer will blow up.
Security researchers are monitoring the virus as it is currently distributing its mutating code via peer-to-peer networks. According to a few sources, the new instructions are being transferred with high encryption making it difficult for researchers to figure out what the worm is supposed to do next.
Once again, please make sure you have the MS08-067 patch and the latest antivirus updates installed on your computer. However, as of writing this article, there are no known virus definitions for the new variation.
McAfee reports nothing; I only see Symantec & Trend Micro posting something about the recent activity.
Symantec Threat Center – W32.Downadup.E
IT Pro – New Variant of Conficker Strikes
Trend Micro Blog – New Variant in the Mix?
Google Reader just updated some more feeds. McAfee does have some information now, as well as some good removal instructions.
McAfee Security Blog – New Conficker Variant
Well, today was April Fools’ Day, and our favourite media virus Conficker was written up many times over the past week in the papers and shown via newscasts all over the world. Surprise! The virus did what it was told: it contacted its generated servers, only to do nothing, and the internet is still alive!
This threat is NOT over! Why the media and security organizations chose April 1st as doomsday is a mystery and was based mainly on speculation by reverse engineering the code. There are still many unpatched computers out there which need to be attended to. This day has been anticlimactic, CNET’s Conficker blog was boring to read, and we’ll have to wait until the hackers decide to make their next move, most likely during a quiet time when less IT and security staff are working.
My shift at the CCS IT HelpDesk in the library consisted of a 10-second power outage and the regular library help questions. The power outage turned off all desktop computers with stressed students working madly away to finish their last-minute assignments. I dealt with about 6 lost assignments after the power outage. I was only able to recover 2 of the 6. It’s ironic how people who lose their assignments almost always recognize that they SHOULD have been saving to the designated places stated on the desktop backgrounds. It’s unfortunate that most computer users do not read anything on their screens and continue to click OK and YES the majority of the time. You can blame Microsoft and Apple for accustoming their users to this.
On that note, those devious hackers also figured out how to get their search ratings high up on Google’s results. Simply googling “Conficker” in Google generates many results, the majority of which are bad (as they have viruses or malware ready to download). This caused many curious users who are used to just “clicking” to infect themselves with the virus.
If you haven’t done so, please patch your computers, use Firefox, and make sure your virus definitions are up to date. If you’re running an illegal version of Windows, make sure you check your computers thoroughly or buy a real copy.
The internet is a dangerous place. Be prepared. Let’s see what the media says about Conficker now. If you’re looking for more information about it, please refer to the links below. I’ll keep you updated on its status.
Microsoft – Bulletin MS08-076
McAfee Avert Labs – Conficker.C observations with wireshark
Wikipedia – April Fools
CNET – Conficker silence
Vancouver Sun – Conficker