More info:
As Tomorrow Is April 1st, That Means Conficker Will Become A Big Threat To Those Who Are Infected. Now If You Don't Know What Conficker Is, Here's A Quote From Wikipedia And Other Sites.
Wiki:
Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system.[1] The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta.[2] The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.[3][4]
Although the origin of the name "conficker" is not known with certainty, Internet specialists and others have speculated that it is a German portmanteau fusing the term "configure" with "ficken", the [5]. Microsoft analyst Joshua Phillips describes "conficker" as a rearrangement of portions of the domain name 'trafficconverter.biz'.[6]
The Tech Herald.com
Update:
Security vendor CA pointed out an interesting bit of information this week. According to them, Conficker has a rather large joke to play next month, and it isn’t funny.
“This worm, detected as Win32/Conficker.C, is getting ready for April Fool’s Day on 1 April, although it definitely won’t be fooling around. On that day, Conficker.C will commence its attempt to generate 50,000 URLs daily and try to access (download or report back to) 500 of them. It is a clever strategy, but the security industry is certainly on the lookout.”
The warning from CA is important, but how will the companies who have teamed up to deal with Conficker handle 50,000 domains, at one time, daily? So far none of them have mentioned any solid plans.
----------------
Signs Of Infection:
Try To Connect To: www.microsoft.com, www.symantec.com, www.mcafee.com
If You Can't, You're Most Likely Infected With The Worm.
Prevention:
Update Your Anti-Virus And Anti-Spyware Regularly.
If You Couldn't Connect To The Websites Above Update Your Anti-Virus And Do A Scan.
Check For Windows Updates Regularly.
Other News:
TechHerald.com
In a previous article, The Tech Herald made a joking reference to Conficker variant C++. It would appear that Murphy’s Law applied, as Symantec is reporting that a new variant of Conficker, version C, is digging trenches and preparing for a long, cold, bitter war against the security researchers who are dedicated to fighting it.
Symantec says they have discovered a new update that is being pushed to some systems infected by the Conficker (Downadup) Worm. The update doesn’t add any new methods of propagation, but considering that new systems are still being infected daily, the authors of the Worm do not need to update that part of the code, at least not yet.
The new addition is that the new variant targets security researchers, security software, and even security related applications. If the Worm detects processes on an infected system that contain security testing and analysis, or anti-Virus related strings, it kills them. Wireshark, Unlocker, TCPview, filemon, ms08-06, kb958, kb890, confick, hotfix, and downad, are all strings that are killed-off by the Worm.
Another update to the new variant is the domain generation algorithm. Earlier variants would generate 250 domains, which were contacted by the infected system to receive updates and instructions. Researchers cracked the domain generation and started registering and blocking the domains before they could be used, limiting the scope of this method of further infection. However, some domains generated by Conficker turned out to be legit, causing some concern because of an elevated attack vector.
Now, Symantec says the 250 domain limit is gone, replaced by a 50,000-a-day generation algorithm, using one of a possible 116 domain suffixes, such as com, net, org, tv, info, ws, etc.
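The scale described above (tens of thousands of generated names a day, spread over more than a hundred suffixes, most of which nobody registered) is exactly what stands out in resolver logs. The following is an added example, not code from the post or from any of the vendors quoted, of a simple detector run over a constructed DNS log; the log format ("timestamp client qname rcode"), the sample data and the thresholds are all assumptions made for the demonstration.

```python
import random
from collections import defaultdict

# Illustrative thresholds (assumed, not tuned); a real deployment would
# baseline them against the network's normal daily NXDOMAIN rate.
MIN_UNIQUE_DOMAINS = 100   # many never-seen names from one host
MIN_UNIQUE_SUFFIXES = 10   # spread across many TLDs
MIN_NXDOMAIN_RATIO = 0.9   # almost all of them do not exist

def parse_line(line):
    """Parse one constructed 'timestamp client qname rcode' log line."""
    _ts, client, qname, rcode = line.split()
    return client, qname.lower().rstrip("."), rcode

def score_clients(lines):
    """Aggregate per-client lookup statistics over an iterable of log lines."""
    stats = defaultdict(lambda: {"domains": set(), "suffixes": set(), "nx": 0, "total": 0})
    for line in lines:
        if not line.strip():
            continue
        client, qname, rcode = parse_line(line)
        s = stats[client]
        s["domains"].add(qname)
        s["suffixes"].add(qname.rsplit(".", 1)[-1])  # last label as a crude suffix
        s["total"] += 1
        s["nx"] += rcode == "NXDOMAIN"
    return stats

def flag_dga_clients(lines):
    """Return the set of clients whose lookup pattern matches the DGA heuristic."""
    flagged = set()
    for client, s in score_clients(lines).items():
        if (len(s["domains"]) >= MIN_UNIQUE_DOMAINS
                and len(s["suffixes"]) >= MIN_UNIQUE_SUFFIXES
                and s["nx"] / s["total"] >= MIN_NXDOMAIN_RATIO):
            flagged.add(client)
    return flagged

def constructed_log():
    """Constructed sample: one normal client (10.0.0.5) and one DGA-style client (10.0.0.9)."""
    rng = random.Random(2009)  # fixed seed so the sample is reproducible
    suffixes = ["com", "net", "org", "tv", "info", "ws", "biz", "cc", "us", "me", "in", "ru"]
    normal = ["www.microsoft.com", "www.symantec.com", "www.mcafee.com", "mail.example.org"]
    lines = [f"2009-03-31T10:{i:02d}:00 10.0.0.5 {normal[i % 4]} NOERROR" for i in range(40)]
    for i in range(300):
        name = "".join(rng.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(rng.randint(4, 9)))
        rcode = "NOERROR" if i % 50 == 0 else "NXDOMAIN"  # a few generated names happen to exist
        lines.append(f"2009-03-31T11:{i % 60:02d}:{i % 60:02d} 10.0.0.9 {name}.{rng.choice(suffixes)} {rcode}")
    return lines

if __name__ == "__main__":
    print("flagged clients:", sorted(flag_dga_clients(constructed_log())))
```

The same aggregation works on a real resolver export once `parse_line` is adapted to its field layout; the noisy client is the one to isolate and scan, while the handful of NOERROR hits illustrate the "legit" collisions the article mentions.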
“These early findings may suggest that the Downadup authors are now aiming for increasing the longevity of the existing Downadup threat on infected machines. Instead of trying to infect further systems, they seem to be protecting currently infected Downadup machines from antivirus software and remediation. Also, currently we are not seeing an increase in customer infections for this threat but are keeping a close eye on it,” Symantec said.
Last month, SRI International reported about new code in the variant of Conficker named B++, that foreshadowed the possibility that the Worm’s authors were looking for ways to fight the researchers.
“Under Conficker B++, two new paths to binary validation and execution have been introduced to Conficker drones, both of which bypass the use of Internet Rendezvous points: an extension to the netapi32.dll patch and the new named pipe backdoor. These changes suggest a desire by the Conficker's authors to move away from a reliance on Internet rendezvous points to support binary update, and toward a more direct flash approach,” the SRI research stated.
If the people behind the Conficker are working to protect the systems they have now, then why would they up the number of generated domains? What no one has been able to ascertain is the planned use for the infected systems.
--------
So make sure you're not infected tomorrow.