Quarter-million-dollar bounty <http://blogs.technet.com/msrc/archive/2009/02/12/conficker-activity-update.aspx>on the head of the writer of the worm, offered by Microsoft Beware Conficker worm come April 1
Tue Mar 24, 2009 6:21PM EDT In an event that hits the computer world only once every few years, security experts are racing against time to mitigate the impact of a bit of malware which is set to wreak havoc on a hard-coded date. As is often the case, that date is April 1<http://www.cnn.com/2009/TECH/03/24/conficker.computer.worm/index.html> . Malware creators love to target April Fool's Day with their wares, and the latest worm, called Conficker C, could be one of the most damaging attacks we've seen in years. Conficker first bubbled up in late 2008 and began making headlines in January <http://tech.yahoo.com/blog/null/116396> as known infections topped 9 million computers. Now in its third variant, Conficker C, the worm has grown incredibly complicated, powerful, and virulent... though no one is quite sure exactly what it will do when D-Day arrives. Thanks in part to a quarter-million-dollar bounty <http://blogs.technet.com/msrc/archive/2009/02/12/conficker-activity-update.aspx>on the head of the writer of the worm, offered by Microsoft, security researchers are aggressively digging into the worm's code as they attempt to engineer a cure or find the writer before the deadline. What's known so far is that on April 1, all infected computers will come under the control of a master machine located somewhere across the web, at which point anything's possible. Will the zombie machines become denial of service attack pawns, steal personal information, wipe hard drives, or simply manifest more traditional malware pop-ups and extortion-like come-ons designed to sell you phony security software? No one knows. Conficker is clever in the way it hides its tracks because it uses an enormous number of URLs to communicate with HQ. The first version of Conficker used just 250 addresses each day -- which security researchers and ICANN simply bought and/or disabled -- but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand. At this point, you should be extra vigilant about protecting your PC: Patch Windows completely through Windows Update and update your anti-malware software as well. Make sure your antivirus software is actually running too, as Conficker may have disabled it. Microsoft also offers a free online safety scan <http://onecare.live.com/site/en-us/default.htm>here, which should be able to detect all Conficker versions. http://tech.yahoo.com/blogs/null/128643/beware-conficker-worm-come-april-1/ See latest news from Microsoft regard this worm. <http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx> Protect yourself from the Conficker computer worm Published: March 27, 2009 The Conficker worm is a computer worm<http://www.microsoft.com/protect/computer/basics/worms.mspx>that can infect your computer and spread itself to other computers across a network automatically, without human interaction. If you are an IT professional, please visit Conficker Worm: Help Protect Windows from Conficker<http://technet.microsoft.com/en-us/security/dd452420.aspx>. On This Page [image: Am I at risk of having the Conficker worm?]<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EQB> Am I at risk of having the Conficker worm? <http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EQB> [image: What does the Conficker worm do?]<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EUB> What does the Conficker worm do? <http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EUB> [image: How does the Conficker worm work?]<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EDD> How does the Conficker worm work?<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EDD> [image: How do I remove the Conficker worm?]<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EMD> How do I remove the Conficker worm? <http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EMD> [image: Where can I find more technical information about the Conficker worm and how can I stay up to date on the Conficker worm?]<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EZD> Where can I find more technical information about the Conficker worm and how can I stay up to date on the Conficker worm? <http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#EZD> Am I at risk of having the Conficker worm? Most antivirus software could detect and block the Conficker worm, so if you have updated antivirus software on your computer, you are at a much lower risk of being infected by the Conficker worm. If you or your network administrator have not installed the latest security updates from Microsoft and your antivirus provider, and if you have file-sharing turned on, the Conficker worm could allow remote code execution. Remote code execution allows an attacker to take control of your computer and use it for malicious purposes. [image: Top of page]<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#top>Top of page<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#top> What does the Conficker worm do? To date, security researchers have discovered two variants of the worm in the wild. • Win32/Conficker.A<http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.A>was reported to Microsoft on November 21, 2008. • Win32/Conficker.B<http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.B>was reported to Microsoft on December 29, 2008. • Win32/Conficker.C<http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.C>was reported to Microsoft on February 20, 2009. • Win32/Conficker.D<http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.D>was reported to Microsoft on March 4, 2009. Win32/Conficker.B<http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.B>might spread through file sharing and via removable drives, such as USB drives (also known as thumb drives). The worm adds a file to the removable drive so that when the drive is used, the AutoPlay dialog will show one additional option. The Conficker worm can also disable important services on your computer. In the screenshot of the Autoplay dialog box below, the option *Open folder to view files — Publisher not specified* was added by the worm. The highlighted option — *Open folder to view files — using Windows Explorer* is the option that Windows provides and the option you should use. If you select the first option, the worm executes and can begin to spread itself to other computers. The option *Open folder to view files — Publisher not specified* was added by the worm. http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx [image: Top of page]<http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx#top> ------------------------------ Date: Sat, 28 Mar 2009 09:47:37 +0300 Subject: Warning of 1 Apr 09 (for Internet Users) From: [email protected] Dear All Please find below the part of an official mail which got from our IT dpt. Based on recent warning we got from Microsoft, there is a worm called * Conficker* that might affect windows platforms on *1st April 2009*, we need your cooperation to avoid any possibility to be infected with this Worm (Virus) 1- Do not open or download any attachment from any strange –unknown sender- email. 2- Do not press on any link coming from strange –unknown sender- email. Take care PP Abdullatheef ------------------------------ What can you do with the new Windows Live? Find out<http://www.microsoft.com/windows/windowslive/default.aspx> ------------------------------ Get news, entertainment and everything you care about at Live.com. Check it out! <http://www.live.com/getstarted.aspx> --~--~---------~--~----~------------~-------~--~----~ Nor can Goodness and Evil be equal. Repel (evil) with what is better; then the enmity between him and you will become as if it were your friend and intimate! Visit: sultan.org Subscribe: [email protected] Post to group: [email protected] -~----------~----~----~----~------~----~------~--~---
