April 1st Virus?

Bobby+Umit · April 1, 2009

Here is a simple tool that will scan and remove this if you have it:

If you can't download this, you probably are infected. Just downloaded on another computer and copy it over (via some other media)

DeadPoolX · April 1, 2009

Heh, conficker. I am 12.

Yeah, I thought that was funny too.

Marina-Del · April 1, 2009

Here is a simple tool that will scan and remove this if you have it:
Symantec Tool

If you can't download this, you probably are infected. Just downloaded on another computer and copy it over (via some other media)

Now I'm really confused. My computer failed to download the link you have posted above (it said that I don't have administrative rights to download that, which doesn't make sense since I am the only "admin" on this computer). However, I have since gone to the Microsoft website and checked for any new updates and looked at my past updates from Microsoft. My computer has successfully downloaded all of the Microsoft updates (The last update on my list is the Important one on March 22 labeled Malicious Software Removal Tool and that was successful). There was one new update on the website when I went and my cpmputer uploaded that successfully as well.

Do I need to be worried?

Niels Bohr · April 1, 2009

Worm attack chaos fails to strike

The chaos predicted by some as the Conficker worm updates itself have so far failed to materialise.

There had been concerns that the worm could trigger poisoned machines to access personal files, send spam, clog networks or crash sites.

Many of the infected machines are based in Asia where there have been no reports of unusual PC behaviour.

Conficker is believed to have infected up to 15 million computers to date.

Those monitoring the progress of the worm as 1 April dawned around the globe said there was no evidence it was doing anything other than modifying itself to be harder to exterminate.

The hackers behind the worm, which effectively have all infected machines under their control, have yet to give the virus any specific orders.

But security experts warned that there was no room for complacency.

"We are going to be on high alert for a long time. Come 2 April we will still be watching while most people will have moved their focus elsewhere," said Vincent Weafer, vice president of security response at anti-virus firm Symantec.

He added: "We believe the software is geared towards making money. The characteristic of this type of worm is to keep it slow and low, keep it under the radar to slowly maximise profits over the long term."

Origins

Conficker, also known as Downadup or Kido, first appeared last November. The worm is self-replicating and has attacked a vulnerability in machines using Microsoft's Windows operating system, the software that runs most computers.

It can infect machines via a net connection or by hiding on USB memory drives used to ferry data from one computer to another. Once in a computer, it digs deeps, setting up defences making it hard to extract.

Among those affected by the virus have been the House of Commons and the defence forces of the UK, Germany and France.

The reason for the hype and the concern around Conficker is that 1 April was the day the worm was set to change the way it updates itself, moving to a system that is much harder to combat.

Five months ago a consortium of web security firms banded together to form the Conficker Working Group, to learn more about the worm and to try to stop it.

Last weekend the team located what they call a "fingerprint" or "signature" for the virus that means they can detect how an infected machine can be identified on a network much quicker than previously.

Security researcher Dan Kaminsky, a member of the group and director of penetration testing at IOActive, told the BBC this was a major breakthrough.

"We know these bad guys are in places they really shouldn't be. With this new trick it is much easier to find them. It means we can say, OK, I don't know what will happen but I can tell you 10,000 systems are under the control of the bad guys and here they are."

Lucrative

While no-one in the industry is 100% sure of the aim of Conficker, they are positive the people behind it are more concerned about making money than causing mayhem.

A recent report by security firm Finjan claimed that cybercrime is as lucrative a business as drug trafficking.

Its Cybercrime Intelligence Report found that a single hacker could make as much as $10,800 (£7,300) a day, which the company extrapolated to $3.9m (£2.6m) a year.

Finjan's chief technology officer Yuval Ben-Itzhak said: "Cybercrime today is a very, very big business and those behind Conficker have spent a lot of money organising, writing code and securing these machines so they will be looking for a return soon.

"This type of cybercrime activity is here to stay and will grow because there is so much money involved and its hard to get caught."

Help identify

In February Microsoft put up a bounty of $250,000 to anyone who could help identify those behind Conficker. It also issued patches to address the vulnerability.

Industry experts say consumers and companies should regularly update their security software and apply Windows updates as well as protect computers and files with strong passwords.

Symantec has issued a free trial version of its products that will detect and remove the worm.

VeriSign, one of the guardians of the networked world, believes these bugs exist because the general level of security is just not high enough.

"This is a testament to making consumer products useable and user friendly, which means security has to be relaxed a little," said VeriSign's chief technology officer Ken Silva.

"If all the security measures were deployed that should be deployed, they would become too annoying and too difficult for most consumers."

Story from BBC NEWS:

http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7976099.stm

fozzie · April 1, 2009

Worm attack chaos fails to strike
The chaos predicted by some as the Conficker worm updates itself have so far failed to materialise.

Doesn't mean it won't happen, just that the whole april fools day thing ws a rumour

Edited April 1, 2009 by fozzie

Trumplestiltskin · April 1, 2009

Personally I think the news stories about these viruses overstate the threat. This one probably only became news because of the hook about how it supposedly activates on April 1st.

From what I read there are 4 variants of this virus - the latest one (variant 'D') is spread by USB thumb drives. Most all of them are easily removed, from what I understand.

fozzie · April 1, 2009

Personally I think the news stories about these viruses overstate the threat. This one probably only became news because of the hook about how it supposedly activates on April 1st.
From what I read there are 4 variants of this virus - the latest one (variant 'D') is spread by USB thumb drives. Most all of them are easily removed, from what I understand.

Like i stated earlier this has caused havoc in the UK. It is fixable but the sheer number of computers that are affected is making the process of eradicating it difficult. You get rid of it but that does not mean you will not get it again.

Trumplestiltskin · April 1, 2009

That's true of any Trojan though...

Bobby+Umit · April 1, 2009

Here is a simple tool that will scan and remove this if you have it:
Symantec Tool

If you can't download this, you probably are infected. Just downloaded on another computer and copy it over (via some other media)

Now I'm really confused. My computer failed to download the link you have posted above (it said that I don't have administrative rights to download that, which doesn't make sense since I am the only "admin" on this computer). However, I have since gone to the Microsoft website and checked for any new updates and looked at my past updates from Microsoft. My computer has successfully downloaded all of the Microsoft updates (The last update on my list is the Important one on March 22 labeled Malicious Software Removal Tool and that was successful). There was one new update on the website when I went and my cpmputer uploaded that successfully as well.

Do I need to be worried?

What operating system are you running? Vista or Xp?

Bobby+Umit · April 1, 2009

Personally I think the news stories about these viruses overstate the threat. This one probably only became news because of the hook about how it supposedly activates on April 1st.
From what I read there are 4 variants of this virus - the latest one (variant 'D') is spread by USB thumb drives. Most all of them are easily removed, from what I understand.

They are easily removed, but you have to stop the vectors (like net shares, autorun activations, updated virus/OS updates).

The variants are being updated by the authors to outwit the Cabal that is trying to stop the spread of this.

I am glad the Cabal took it to the public and it was widely reported, makes people pay attention.

I still have users that will get an email, telling them to delete the jdbgmgr.exe file, because it's icon is a "teddybear" and it's a dangerous virus......

Ban Hammer · April 1, 2009

I still have users that will get an email, telling them to delete the jdbgmgr.exe file, because it's icon is a "teddybear" and it's a dangerous virus......

:rofl: that's an old one!

Marina-Del · April 1, 2009

[
What operating system are you running? Vista or Xp?

Vista

one...two...tree · April 1, 2009

[
What operating system are you running? Vista or Xp?

Vista

Click on the hypertext below: (web-based scanner)

I ran it last night (on Vista also) and it found 3 malicious items. I think the scan takes a few hours, but worth the time. Run it on your computer ASAP and just wait until it's done before using it again.

.....

Microsoft offers a web-based scanner (note that some users have reported it crashed their machines; I had no trouble with it), so you might try one of these downloadable options instead: Symantec's Conficker (aka Downadup) tool, Trend Micro's Cleanup Engine, or Malwarebytes. Conficker may prevent your machine from accessing any of these websites, so you may have to download these tools from a known non-infected computer if you need them. Follow the instructions given on each site to run them successfully. (Also note: None of these tools should harm your computer if you don't have Conficker.)

dalegg · April 1, 2009

My computer is totally infected by I managed to extract a copy of the worm from my Tech Guy who spent 5 hours trying to get it to reboot.

If you want to see what it does to your computer Click Here

one...two...tree · April 1, 2009

My computer is totally infected by I managed to extract a copy of the worm from my Tech Guy who spent 5 hours trying to get it to reboot.
If you want to see what it does to your computer Click Here

Son of a...

Edited April 1, 2009 by Mister Fancypants

Sign In

April 1st Virus?

46 posts in this topic

Recommended Posts

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in