Conficker Worm on April Fools Day

**Taurus** · March 27th, 2009 01:04 PM

From WIKI:

Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system.[1] The worm exploits a known vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and Windows 7 Beta.[2][3][4] The latest variant will begin checking for a payload to download on April 1, 2009.[5

Operation
The Conficker worm spreads itself primarily through a buffer overflow vulnerability in the Server Service on Windows computers. The worm uses a specially crafted RPC request to execute code on the target computer.[6]
When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.
It receives further instructions by connecting to a server. The instructions it receives may include to propagate, gather personal information and to download and install additional malware onto the victim's computer.[7] The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.[8]
The worm seems to implement some of the ideas presented by Fucs, Paes de Barros e Pereira at the Blackhat Briefings Europe 2007, specifically: digitally signed additional payload, use of PRNG for communication and P2P communication.[9]

http://upload.wikimedia.org/wikipedi.../Conficker.svg

http://en.wikipedia.org/wiki/Conficker

Anyone who have had an experience on this worm?

How do you check if you are infected?

**CVT** · March 28th, 2009 04:48 PM

Hehehe... nasa defensive mode na ang aming network since Friday... Pati nga tsikot.yehey.com,- blocked na ang access....

7707:band:

**Taurus** · March 30th, 2009 04:35 PM

Something I got from "The Geek"

[SIZE=3]Every so often, we hear about a new and horrible virus spreading across the internet, infecting millions of Windows computers. Today we'll show you the steps to remove those threats and (hopefully) prevent them from happening in the future.[/SIZE]
[SIZE=3]Note: The latest horrible virus is set to hit on April 1st, 2009. It's called [/SIZE][SIZE=3]Conficker[/SIZE][SIZE=3], and we'll explain how to make sure you are safe.[/SIZE]
[SIZE=3]Whenever an outbreak happens, you should take the following steps:[/SIZE]

[SIZE=3]Run the Microsoft Windows Malicious Software Removal Tool. [/SIZE]
[SIZE=3]Run the McAfee Stinger Tool (optional) [/SIZE]
[SIZE=3]Make sure you are using Updated Anti-Virus Software. [/SIZE]
[SIZE=3]Make sure Windows Updates are turned on. [/SIZE]
[SIZE=3]Get Notified for Microsoft Security Alerts.[/SIZE]

[SIZE=3]We aren't talking about regular viruses… your anti-virus software can handle those. We're talking about the terrible viruses that will crash your computer, steal your information, delete the pictures of your kids - and cause your computer to be remotely controlled by a spammer. Bad stuff, but they can usually be prevented.[/SIZE]
Run the Microsoft Windows Malicious Software Removal Tool

[SIZE=3]The first step in detecting and removing horrible viruses and worms from your computer is to run Microsoft's own Malicious Software Removal Tool - it's not a replacement for anti-virus, but it's the best way to get rid of some of the worst offenders, like the current Conficker worm.[/SIZE]
[SIZE=3]

[/SIZE]
[SIZE=3]If you were affected, the tool would remove the virus and alert you. Since we're thankfully safe, we got the friendly message that no malicious software was detected. You can click the "View detailed results of the scan" to see more information.[/SIZE]
[SIZE=3][/SIZE]
[SIZE=3]By scrolling down in the list, you can find the current threat and make sure that you are not infected. [/SIZE]
[SIZE=3]

[/SIZE]
[SIZE=3]The tool should be updated automatically through Windows Update, but you can always just download it directly as well. This is an important tool to keep around.[/SIZE]
[SIZE=3]Download the Microsoft Windows Malicious Software Removal Tool from microsoft.com[/SIZE]
Run the McAfee Stinger Tool (optional)

[SIZE=3]An alternative tool is the McAfee Stinger tool, which is a freeware tool that removes only the worst viruses from your computer. You can check to make sure that Stinger can remove the current virus problem by checking the List Viruses dialog… make sure you have the latest version of Stinger before you use it.[/SIZE]
[SIZE=3][/SIZE]
[SIZE=3]Simply hit the Scan Now button to do a full scan of your computer, but be warned that this will take a long while.[/SIZE]
[SIZE=3][/SIZE]
[SIZE=3]Once it's done, you should get a report with the number of clean files. [/SIZE]
[SIZE=3][/SIZE]
[SIZE=3]It's a simple and rather ugly tool, but it does the job. It's still not a replacement for real anti-virus though.[/SIZE]
[SIZE=3]Download McAfee Avert Stinger from vil.nai.com[/SIZE]
Make sure you are using Updated Anti-Virus Software

[SIZE=3]This is one of the most important steps in keeping yourself safe. You need to make sure that your anti-virus software is enabled and properly working! Here's a quick list of what you should do:[/SIZE]

[SIZE=3]Make sure your virus definition updates are automatically updated. [/SIZE]
[SIZE=3]Make sure that real-time scanning is enabled. [/SIZE]
[SIZE=3]Run a full scan (optional but useful)[/SIZE]

[SIZE=3][/SIZE]
[SIZE=3]If you aren't sure what anti-virus software to use and don't have money to spend, you can [/SIZE][SIZE=3]try out AVG Free edition[/SIZE][SIZE=3], or you can take a look at the [/SIZE][SIZE=3]big list of anti-virus software we tested with Windows 7[/SIZE][SIZE=3].[/SIZE]
[SIZE=3]Note: We don't necessarily recommend ClamWin for regular users, because it has no real-time protection. It's just what I have installed on this computer and I needed a screenshot.[/SIZE]
Make sure Windows Updates are turned on

[SIZE=3]Now we arrive at the most important step: making sure that Windows is fully patched and Windows Updates is enabled. You can't protect yourself against worms and hackers if you are running a woefully out-of-date version of Windows that isn't patched. It just won't work.[/SIZE]
[SIZE=3]Open up Windows Updates, make sure to click "Check for updates" and install every security patch they recommend. Then click the Change settings link…[/SIZE]
[SIZE=3][/SIZE]
[SIZE=3]And make sure you have it set to check for updates automatically, and installing updates automatically isn't a bad option. Just remember, if you are running an un-patched system, you are leaving yourself open for all sorts of bad things.[/SIZE]
[SIZE=3][/SIZE]
[SIZE=3]Note: Please pardon the alarmist nature of this point, but patching is the #1 key to keeping safe against internet worms.[/SIZE]
Get Notified for Microsoft Security Alerts

[SIZE=3]If you really want to make sure you are secure, you can sign up for alerts from Microsoft whenever there is an important patch that needs to be installed. You can also check the current security bulletins at any time by visiting their security bulletin home page.[/SIZE]
[SIZE=3]Subscribe to Microsoft Security Alerts by Email or RSS[/SIZE]
[SIZE=3]Latest Microsoft Security Bulletin Home Page[/SIZE]
[SIZE=3]How Do I Make Sure the Patch is Installed?[/SIZE]
[SIZE=3]So now we get right down to it… how do you know if you are vulnerable to one of the security holes? As an example, we'll look at the security hole that leaves you vulnerable to the Conficker worm: [/SIZE][SIZE=3]Vulnerability in Server Service Could Allow Remote Code Execution[/SIZE][SIZE=3]. If you look through the list of downloads, you'll see the particular patch for your system.[/SIZE]
[SIZE=3]If Windows update says that you are up to date, you can check for a particular patch by clicking on "View update history" on the left-hand side.[/SIZE]
[SIZE=3]

[/SIZE]
[SIZE=3]This will take you to a long list of every update that has been installed. Look through the list, and you should see the update mentioned in the security bulletin… for me, it was KB958644 for x64-based systems, since I'm running 64-bit Vista.[/SIZE]
[SIZE=3]

[/SIZE]
[SIZE=3]At the very least it's a relief to know that you aren't vulnerable… to the current worm, at least.[/SIZE]
Conclusion

[SIZE=3]These steps are essential in protecting your computer from hackers, worms, and viruses, but they aren't the only important keys to safety. You should still remain vigilant and use common sense: don't download files from untrusted sources, use a firewall, and make sure your email provider scans for viruses before you open attachments.[/SIZE]

**Taurus** · March 30th, 2009 04:42 PM

Something I got from "The Geek"

[QUOTE]
[SIZE=3]Every so often, we hear about a new and horrible virus spreading across the internet, infecting millions of Windows computers. Today we'll show you the steps to remove those threats and (hopefully) prevent them from happening in the future.[/SIZE]
[SIZE=3]Note: The latest horrible virus is set to hit on April 1st, 2009. It's called [/SIZE][SIZE=3]Conficker[/SIZE][SIZE=3], and we'll explain how to make sure you are safe.[/SIZE]
[SIZE=3]Whenever an outbreak happens, you should take the following steps:[/SIZE]

[SIZE=3]Run the Microsoft Windows Malicious Software Removal Tool. [/SIZE]
[SIZE=3]Run the McAfee Stinger Tool (optional) [/SIZE]
[SIZE=3]Make sure you are using Updated Anti-Virus Software. [/SIZE]
[SIZE=3]Make sure Windows Updates are turned on. [/SIZE]
[SIZE=3]Get Notified for Microsoft Security Alerts.[/SIZE]

[SIZE=3]We aren't talking about regular viruses… your anti-virus software can handle those. We're talking about the terrible viruses that will crash your computer, steal your information, delete the pictures of your kids - and cause your computer to be remotely controlled by a spammer. Bad stuff, but they can usually be prevented.[/SIZE]
Run the Microsoft Windows Malicious Software Removal Tool

[SIZE=3]The first step in detecting and removing horrible viruses and worms from your computer is to run Microsoft's own Malicious Software Removal Tool - it's not a replacement for anti-virus, but it's the best way to get rid of some of the worst offenders, like the current Conficker worm.[/SIZE]
[SIZE=3][/SIZE][SIZE=3] alt="Malicious Software Removal" title="Malicious Software Removal"> [/SIZE]
[SIZE=3]If you were affected, the tool would remove the virus and alert you. Since we're thankfully safe, we got the friendly message that no malicious software was detected. You can click the "View detailed results of the scan" to see more information.[/SIZE]
[SIZE=3][/SIZE][SIZE=3] alt="No malicious software detected" title="No malicious software detected">[/SIZE]
[SIZE=3]By scrolling down in the list, you can find the current threat and make sure that you are not infected. [/SIZE]

<SPAN style="FONT-FAMILY: 'Calibri','sans-serif'"><FONT size=3>

**Taurus** · March 30th, 2009 04:47 PM

Something I got from "The Geek"

[quote]
[SIZE=3]Every so often, we hear about a new and horrible virus spreading across the internet, infecting millions of Windows computers. Today we'll show you the steps to remove those threats and (hopefully) prevent them from happening in the future.[/SIZE]
[SIZE=3]Note: The latest horrible virus is set to hit on April 1st, 2009. It's called [/SIZE][SIZE=3]Conficker[/SIZE][SIZE=3], and we'll explain how to make sure you are safe.[/SIZE]

[SIZE=3]Whenever an outbreak happens, you should take the following steps:[/SIZE]

[SIZE=3]Run the Microsoft Windows Malicious Software Removal Tool. [/SIZE]
[SIZE=3]Run the McAfee Stinger Tool (optional) [/SIZE]
[SIZE=3]Make sure you are using Updated Anti-Virus Software. [/SIZE]
[SIZE=3]Make sure Windows Updates are turned on. [/SIZE]
[SIZE=3]Get Notified for Microsoft Security Alerts.[/SIZE]

[SIZE=3]We aren't talking about regular viruses… your anti-virus software can handle those. We're talking about the terrible viruses that will crash your computer, steal your information, delete the pictures of your kids - and cause your computer to be remotely controlled by a spammer. Bad stuff, but they can usually be prevented.[/SIZE]
Run the Microsoft Windows Malicious Software Removal Tool

[SIZE=3]The first step in detecting and removing horrible viruses and worms from your computer is to run Microsoft's own Malicious Software Removal Tool - it's not a replacement for anti-virus, but it's the best way to get rid of some of the worst offenders, like the current Conficker worm.[/SIZE]
[SIZE=3]alt="Malicious Software Removal" title="Malicious Software Removal"> [/SIZE]
[SIZE=3]If you were affected, the tool would remove the virus and alert you. Since we're thankfully safe, we got the friendly message that no malicious software was detected. You can click the "View detailed results of the scan" to see more information.[/SIZE]
[SIZE=3]alt="No malicious software detected" title="No malicious software detected">[/SIZE]
[SIZE=3]By scrolling down in the list, you can find the current threat and make sure that you are not infected. [/SIZE]

<SPAN style="FONT-FAMILY: 'Calibri','sans-serif'"><FONT size=3>