Conficker Wakes Up

Source: CBS News/CNET

The Conficker worm is finally doing something - updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.

Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.

The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.

The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.


Read more: http://www.cbsnews.com/stories/2009/04/09/tech/cnettechnews/main4931360.shtml?tag=topStory;topStoryHeadline

I've done everything I can to ensure my "puters" at home at clean and protected, but I still worry. All the best anti-virus and anti-malware developers are still just playing catch up...

oh, wait...

But that would be a problem for everyone. Conficker can slow down the internet if it's chatty.

I have experienced worms and viruses messing up networks and slowing or killing connections.

So hey, I guess Macs can be the victim of the millions of PC problems.

And neither have the people I talked to. But this is more of an issue for unpatched and infected machines.

But that was a giggle, for sure.

it test for infections

http://iv.cs.uni-bonn.de/fileadmin/user_upload/werner/cfdetector/

Reminds me of the movie 'The Demon Seed' - the computer one day automatically makes the coffee the way the person usually has it instead of waiting for instructions - ie. it's starting to think for itself. eeeeek

I had no problem when you posted that yesterday.

Thanks, I'll try again later.

or if the thing is already in motion and so won't evolve as it goes along?

So far that test shows me as negative, thanks for the link

.
.
.

cuz I'm still running Win98SE - no firewalls, no virus protection - even AVG crapped out on me

but I still seem to be ok, well, my COMPUTER is ok :silly:

I'm not on broadband, just a high speed dial-up and when I hear or see my modem doing something when I'm NOT doing something,

I shut it down, then clear as many of my cookies and temporary files that I can find, usually in three different folders.

Five minutes later, I reboot

no problems . .

so far

I run Win98SE with AVG and Firefox (among other things), and have never had a problem in that configuration.

But the real question is what do you have at risk? If it's nothing, you don't need much protection. If reinstall and start over does the job, it's all the "protection" you need.

the best way you can find out if you are infected is to see if your windows updates are on or off. Then see if you can get to the Microsoft website. If the updates are turned on and you can browse to microsoft you are good. I work in tech support and I field questions like this 20 times a day.

Tanks for the info! :hi:

Much better answer than "get a Mac", but then again, some people like Pepsi, some people like Coke. :P

This is a new development, but I am not certain when it started. Could this be this virus at work?

When my computers do what yours is doing, that's what I do to "fix" it. You have to get clear about who owns the damn thing.

If you do a internet search and when clicking on any of the websites listed in the search results and you are taken to strange sites that are not the site you were trying to go to, that's Conficker. Conficker also doesn't let you go to any sites that it recognizes as a computer help site (like if you wanted to go to www.malwarebytes.com or www.majorgeeks.com or some other equivelent it won't allow you to enter the site). If you aren't getting updates from your anti-virus or Microsoft or any other anti-virus/anti-malware/anti-adware,etc. programs you have, that's also a symptom of Conficker.

What you have sounds more like some sort of error. You can manually turn off your computer by pressing the on/off button and holding it in for a few seconds until it shuts down. Wait a few minutes and then restart. Usually that clears up the problem. Once in a blue moon it's happened to me too. After restarting, update your anti-virus and do a full scan so that if you have a creepy thing it gets found and killed. Do an update and full scan with any other anti-malware/anti-adware, etc. programs you have also to make sure you don't have some sort of creepy thing, and whatever you may have gets killed.

In the future do frequent updates and scans to help you keep from getting creepy things. I scan every single day automatically. Most anti-virus and anti-malware/anti-adware, etc. programs allow you to schedule automatic scans when you want (I do mine daily while I'm normally asleep). If you don't have good anti-malware/anti-adware, etc. programs, get and use them. There are many very good free ones. It's also a good idea to use more than one anti-malware/anti-adware, etc. programs since they all don't catch the same things. I use Malwarebytes and SUPERantiSpyware. Sometimes I use Spybot and Ad-Aware but they aren't as good as they used to be.

The one good thing about Conficker is that the symptoms are obvious. If when you do an internet search and when clicking on any of the resulting sites you aren't taken to those sites but to other strange ones (like shopping sites or directory sites) that's one of the symptoms. If you can't get into most computer help sites, that's another symptom. If you aren't able to get updates for your anti-virus/anti-malware/anti-whatever programs, that's another symptom. When I got Conficker last January I knew I had something creepy as soon as I got it (I was doing a lot of internet searches at the time).