April 1 is Here; Where's Conficker?

Techtree News Staff, Apr 01, 2009 1603 hrs IST

Here is what the experts have to say

Has the Conficker virus turned out to be an anticipated April fool's day prank after all?

As the April fool's day eve has gone by, there aren't any reports of any malicious action having taken place. However, experts are saying that it may not be the time yet to lay back and relax.

Anyway, if most of you have updated your anti-virus software, there isn't much to be worried about.

So, how does one know if they are affected?

"One of the symptoms of this worm is that it blocks access to Web sites of Internet security companies," says Dave Marcus, of McAfee Avert Labs.

Microsoft Efforts

On Feb. 12, Microsoft announced the formation of a collaboration called Conficker Cabal, to combat the effects of Conficker. Organizations involved in this collaborative effort include Microsoft, Afilias, ICANN, Neustar, Verisign, CNNIC, Public Internet Registry, Global Domains International, M1D Global, AOL, Symantec, F-Secure, ISC, researchers from Georgia Tech, The Shadowserver Foundation, Arbor Networks, and Support Intelligence.

Further information regarding how to protect one from it and about removal can be found at the following Conficker Cabal site.

CXOToday outlines five steps that users need to follow to prevent themselves from getting infected.

Buy a genuine copy of Microsoft Windows so that you get access to automatic updates from the Microsoft website. A point worth noting here is that Microsoft had already issued a patch (MS08-067) to fix the vulnerability before the virus was created. This clearly shows that ignorant users are clearly at fault as well for getting infected by this worm.
Configure your systems to check for updates automatically. Download and apply the updates and patches immediately after they are released. It is fruitless if you just download an update and do not apply it.
Although CXOToday does not endorse piracy but the fact is that there are lots of users who run a pirated version of Windows. For them, they should manually download the updates from Microsoft's website. They are at a greater risk as they have to keep an eye on what vulnerabilities and patches are available and when they are launched in order to keep their system up-to-date.
Invest in a good antivirus software. This will not only prevent such worms from infecting your computers but they will prevent other malware from infecting your computers as well. Note: An antivirus is only as effective as its virus signature database. There is NO point in keeping an antivirus and NOT updating its virus definitions. This is the most common mistake that users make.

History

The infamous Conficker worm and its variants have infected nearly 15 million PCs globally till date. The worm is programmed to update itself from domains it randomly generates. For the latest version -- Conficker C, this amounts to nearly 50,000 domains a day. The virus author needs to only use one of these domains to host the update, thus making tracking nearly impossible.

Meanwhile, the Microsoft's $250,000 bounty to trace the author/s of the Conficker worm has not yielded any result so far.

The Conficker worm first surfaced in October 2008. In January, infections had crossed nine million PCs globally. Currently, the worm is found in three variants dubbed - A, B, and C.

The worm typically disables system services such as Windows defender, automatic update, security center, and error reporting. It also allows installation of additional malware on the infected PCs. Further, if your OC is infected, it could block all sites that provide access to anti-virus tools.

"It may be downloaded unknowingly by a user when visiting malicious websites. Once installed in the system, it drops a copy set to allow restricted access with 'file execute' for users. This worm can terminate processes that contain certain strings, running in memory that relates to antivirus programs," said Amit Nath, country manager (India & SAARC) at Trend Micro. Due to this process, it avoids early detection and consequent removal.

What now?

Hoax or not, security experts insist that you keep your anti-virus software updated. Have any of you been affected by Conficker?

TAG KEYWORDS

USER COMMENTS

I don't agree. I had been to my music teacher from where I copied a file to my pen drive. After returning home, when I connected the same pen drive to my laptop..... my updated McAfee Enterprise detected the Conficker and deleted it instantly... Guess, this is not just a hoax.

by Avinash Sawant, Mumbai, on Apr 03, 2009 11:19 AM, Report abuse Reply

Don't listen to the people who say they have it. That could be any virus not the conficker! To prove my friends wrong, I turned off my antivirus program and kept my computer on all day and on the internet and I have none of the symptoms of the conficker virus and the scan came back negative afterward. Just a big april fools joke :) PS They could also be lying just to scare you.

by A person, Canada, on Apr 02, 2009 06:56 PM, Report abuse Reply

Conficker is stupid.. and so are you, dipshit

by Conficker, Russia, on Apr 02, 2009 06:12 PM, Report abuse Reply

i too was infected but thx to avast antivirus for detecting and removing it

by god, heaven, on Apr 02, 2009 04:09 PM, Report abuse Reply

this is real i had it on my computer but i managed to rid of the start up it was in, not very smart to have the startup there. but this is real i tried to copy to any thumb drive i plugged in.

by Martino Jones, Ypsilanti Twp., on Apr 02, 2009 01:58 AM, Report abuse Reply

:O THAT WAS THE FUNNIEST JOKE IVE EVER PULLED!!!!!! IM LMAO RIGHT NOW!!! :P :D

by person who made, CONCORD, on Apr 02, 2009 01:26 AM, Report abuse Reply

APRIL FOOLS! YOURE ALL FOOLS MUAHAHAHAHA!!!

by person who made, CONCORD, on Apr 02, 2009 01:21 AM, Report abuse Reply

i was infected with the conficker virus and trust me, this is real. i managed to get rid of it after a few weeks of messing with my hard drive but trust me, it's not easy!

by none of your bu, a, on Apr 01, 2009 11:55 PM, Report abuse Reply

I was hoping it'd be one great big Rick Rolling

by Mahx, Farmer City, on Apr 01, 2009 10:39 PM, Report abuse Reply

aha, apparently if yu plug yur iPod in to charge on yur computer I'd won't turn on again, happened to a few friends of mine

by robert, Hamilton,on, on Apr 01, 2009 08:30 PM, Report abuse Reply

LOL guy. Many PC's will not boot with various USB storage devices plugged in during startup. This is usually due to an older BIOS version, especially on Socket A Asus motherboards.

by R.Franck, Penticton, on Apr 01, 2009 09:27 PM, Report abuse

It is a hoax, ill quote Microsoft Executive on this one. "The Win32.Conficker.C has been proven to be a hoax, many of our Windows Technical Engineers have been on this, and have officially and formally discovered it is a big hoax, the reward for $250 000 has been removed."

by Jack L, Seattle, Washington, on Apr 01, 2009 07:17 PM, Report abuse Reply

I am not sure if it's purely a coincidence but i have not had any viruses or Trojans on this computer ever and as soon as I got on this morning my virus program alerted me to a Trojan.

by Amanda, Spring Hill, on Apr 01, 2009 06:50 PM, Report abuse Reply

Just like the year 2000 bug, overated to scare people into buying more software. Just use PCLinux or Ubuntu or Mac, no more worries.

by Anonymous, Lemas, on Apr 01, 2009 05:52 PM, Report abuse Reply

Wasn't a problem for those of us who didn't. No need to spend a bunch of money for a non-existent threat.

by Digital Jedi, Hickory, on Apr 01, 2009 06:39 PM, Report abuse

no, not one person has been because its just an elaborate marketing scheme for the big anti-virus companies but since its april fools they can get away with the lie

by the april fool, townsville, on Apr 01, 2009 06:24 PM, Report abuse Reply