Computer Virus 'Time Bomb' Could Go Off April


Earl
24th Mar 2009, 14:55
Could this be an April fool joke?


FOXNews.com - Computer Virus 'Time Bomb' Could Go Off April 1 - Science News | Science & Technology | Technology News (http://www.foxnews.com/story/0,2933,510296,00.html)


Tuesday, March 24, 2009

The Conficker Internet worm could strike at infected computers around the world on April 1, a security expert warned Monday.

Conficker is a sophisticated piece of malicious computer software, or malware, that installs itself on a Windows PC's hard drive via specially written Web pages. It then conceals itself on a computer.

Graham Cluley of the British security firm Sophos confirmed that Conficker is programmed "to hunt for new instructions on April 1."

However, he added, "This does not mean that anything is going to happen, or that the worm is actually going to do anything. Simply, it is scheduled to hunt a wider range of Web sites for instructions on that date."

One strange thing about Conficker is that no one yet has any idea what it is programmed to do.

In February, Cluley told The Times: "It's as if someone is assembling an army of computers around the world, but hasn't yet decided where to point them."

A worst-case scenario for April 1 would be for all the world's millions of infected computers to receive simultaneous instructions to attack, or to flood the Internet with spam e-mail.

Ed Gibson, Microsoft's chief security adviser for the U.K., was reluctant to make predictions about Conficker's behavior.

"April 1 is a classic date for anything like this to go off," he said. "But I really would hate to say that April 1 is going to be unlike any other day."

tony draper
24th Mar 2009, 18:58
Hmmm, could a solution be to set yer puter date and time ahead to 2nd April?
:)

green granite
24th Mar 2009, 19:27
Hmmm, could a solution be to set yer puter date and time ahead to 2nd April?

No just run your virus checker.

tony draper
24th Mar 2009, 20:33
I int got a virus checker Mr G, been puterizing since 1982 and I have never had a virus.:uhoh:
Touch wood.
:)

frostbite
24th Mar 2009, 20:52
I have never had a virus


And, until recently, you weren't on broadband which makes you more susceptible.

Having said that, I've been virus free for the same number of years, but I do have a-v installed these days.

Saab Dastard
24th Mar 2009, 21:24
I have never had a virus

Without an AV program, how can you tell?

SD

Gertrude the Wombat
24th Mar 2009, 21:32
And, until recently, you weren't on broadband which makes you more susceptible.
Less, surely? - with dial-up your computer is usually connected directly to the internet, highly dodgy, but with broadband most people have a stealth mode NAT router in the way (in order to service several machines in the house) and that'll stop quite a lot of incoming.

Jofm5
25th Mar 2009, 01:38
Saab is right,

You can't tell if you have or have not had a virus - I think the correct phrase would be to say you never noticed a virus.

Not all of them are malicious and a lot are very cunning and stay hidden gathering information or performing functions for other people remotely. Or stay dormant until a specific event occurs (e.g. 1st April).

Not every virus is picked up by the virus checkers; a lot of virus checkers only work on the principle that they look for the viruses they can identify - so if your anti-virus software provider has not seen the virus before it will not be in your updates to prevent.

The better virus checkers will store and refer to file sizes and checksums so that it can identify that even if it does not know if a virus is present or what it is - it does know something has been changed that should not have been.

Please don't get the false sense of security that because you have a virus checker/blocker all will be okay - virus protection is still very much in the realm of a reaction to a problem rather than a prevention.

Cheers
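The "file sizes and checksums" approach Jofm5 describes above is file integrity monitoring: record a baseline of every file's size and hash, then later re-scan and report anything added, removed or altered, without needing a signature for the specific malware. The script below is an added illustration of that idea, not code from this thread or from any anti-virus product; the directory layout, file names (svchost.exe, dropper.dll, readme.txt) and contents in demo() are constructed for the demonstration. It also shows why the hash matters and not just the size: a same-size overwrite is invisible to a size-only comparison.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_fingerprint(path: Path) -> dict:
    """Size plus SHA-256 digest of one file, read in chunks so large files fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return {"size": path.stat().st_size, "sha256": h.hexdigest()}


def build_baseline(root) -> dict:
    """Walk a directory tree and fingerprint every regular file, keyed by path relative to root."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = file_fingerprint(p)
    return baseline


def save_baseline(baseline: dict, dest) -> None:
    """Persist the baseline as JSON. Keep this copy somewhere the monitored machine
    cannot rewrite it (read-only media, another host), or malware can simply update it."""
    Path(dest).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src) -> dict:
    return json.loads(Path(src).read_text())


def compare(baseline: dict, current: dict, fields=("size", "sha256")) -> dict:
    """Diff two scans. 'fields' selects which attributes count as a change, so the
    weakness of a size-only check can be shown side by side with the full check."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        k for k in baseline.keys() & current.keys()
        if any(baseline[k][f] != current[k][f] for f in fields)
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a scratch tree, tamper with it, then diff it
    both size-only and size+hash. Returns both results so they can be compared."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system").mkdir()
        # Constructed stand-in for a system binary; the 'MZ' prefix is just decoration.
        (root / "system" / "svchost.exe").write_bytes(b"MZoriginal")
        (root / "readme.txt").write_text("hello")
        baseline = build_baseline(root)
        save_baseline(baseline, root / "baseline.json")
        baseline = load_baseline(root / "baseline.json")

        # Tamper: same-length overwrite (size unchanged), one deletion, one new file.
        (root / "system" / "svchost.exe").write_bytes(b"MZtampered")
        (root / "readme.txt").unlink()
        (root / "dropper.dll").write_bytes(b"new file")

        current = build_baseline(root)
        # baseline.json itself is in the tree now, so exclude it from the comparison.
        current.pop("baseline.json", None)
        return {
            "size_only": compare(baseline, current, fields=("size",)),
            "full": compare(baseline, current),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In the demo the size-only comparison reports nothing modified, while the full comparison flags system/svchost.exe; both see the added and removed files. In real use the baseline has to be taken from a known-clean state and stored out of the malware's reach, otherwise the check only confirms that the current contents match whatever was last written, which is exactly the problem Jofm5 warns about.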

Tarq57
25th Mar 2009, 03:32
Tony draper, one problem (probably amongst several) of changing the date is that the AV (and probably some other programs) won't be able to update.

What AV do you use?

If Windows Update is turned on, hopefully the vulnerability that Conficker (aka "Kido") exploits will already be patched.
For anyone infected by this, here is a tool by BitDefender (http://www.bdtools.net/) that claims to remove it. (Haven't had to test this myself.)

Parapunter
25th Mar 2009, 08:14
I'm slightly incredulous of one who could ignore the mountain of evidence in respect of unprotected machines. At least we know how armies of pc's distributing viruses are recruited! Nowt so blind as them who can't see!

mixture
25th Mar 2009, 09:17
but with broadband most people have a stealth mode NAT router in the way (in order to service several machines in the house) and that'll stop quite a lot of incoming.

Sorry, I can't resist biting on this topic ! :ok:

What a load of drivel.

(a) Repeat after me ..... Security by obscurity is NOT security .....

(b) In 95+% of the cases I've seen, viruses have appeared on someone's computer due to their clicking on dodgy attachments in emails or some such, whilst at the same time having inadequate virus protection.

(c) So, you might have inbound blocking. But let's say you do have a zombie virus on your PC. What are you doing to stop Dr Evil launching a DDoS attack on insert name of well known website here using your computer as one of the "bots"? And don't you even think about telling me they need inbound access to your computer to control their bot, they don't.

Keef
25th Mar 2009, 09:26
wot 'e said.

The NAT firewall will stop the person who tries to connect to your machine from outside, to do nefarious things. That's good.

It won't stop the smarter hacker who conceals some software on a website. You visit the site, you download the software, it installs on your PC, and you know nothing about it.

It will then do whatever it's designed to do - collect your internet banking login and account details and send them to base; collect your address book ditto; wipe your hard drive on April 1; send 20 million spam e-mails from your PC...

I've seen the logs of the AV on my machines, and seen the stuff arrive and get zapped. When I changed from AVG to Avast on this machine, it found a couple of dozen cookies that it reckoned were slightly dodgy - not dangerous, just dodgy.

You can't be too careful.

mixture
25th Mar 2009, 09:42
The other thing that far too few home users adopt is the principle of least privilege.

It's amazing how much damage you can avoid by taking an extra few minutes whilst setting up your new computer to create a new secondary user account that does not have any Administrative privileges. Most home users who spend their days browsing the web, sending emails etc. generally hardly ever need all the powers and privileges that come tagged onto the Administrator account.

The other option, if you can't bring yourself to withdraw administrator power from your fingertips (or you are at the mercy of some incompetent software developer who doesn't know how to write software that can do without admin rights) ..... is to try something like Faronics Deep Freeze - ABSOLUTE System Integrity (http://www.faronics.com/html/deepfreeze.asp) (I've no association to them and not making any recommendation, you'll need to consider your circumstances)

As Keef inferred too, not all anti-virus is the same, unfortunately. Even amongst the major players, it can sometimes be surprising to see one pick up something and the other doesn't. Particularly in the case of new virus releases. You should ideally look for anti-virus software that contains multiple scanning engines (preferably from well known companies).

Gertrude the Wombat
25th Mar 2009, 11:21
The NAT firewall will stop the person who tries to connect to your machine from outside, to do nefarious things. That's good.

Correct. It stops things over which you have no control.

It won't stop the smarter hacker who conceals some software on a website. You visit the site, you download the software, it installs on your PC, and you know nothing about it.

Correct. It doesn't stop things over which you do have some control. (Personally I choose not to visit dodgy websites and download and install and run viruses, but I realise that others make other choices.)

All I was saying was that a typical broadband installation is, by virtue of the stealth mode NAT router, more, rather than less, secure than a typical dialup installation. I made no claim that the NAT box stopped everything. Nobody has made any attempt to contradict this.

Avitor
25th Mar 2009, 11:35
I int got a virus checker Mr G, been puterizing since 1982 and I have never had a virus.:uhoh:
Touch wood.
:)

Ooh I have, seeing as how I am a mucky Herbert, I have picked up the odd one. I sent a hard drive to a mate for him to clean it up, he told me it was now clean... and it had spent 2 hours in a bucket of disinfectant as well.

PoloJamie
25th Mar 2009, 13:07
In all truth it'd be interesting to see what the actual payload of Conficker is. Are we going to see the world's largest botnet on April 1st? What will the botnets payload be? Spam? DDoS? Who knows....yet...

The biggest malware prevention is the user - keeping everything up to date, ensuring that adequate anti malware software is being run and not getting yourself into dodgy situations. The unfortunate thing is a lot of the time the typical home user will download anything and everything that they see, especially youngsters, without truly knowing what it is or knowing the consequences of what they are installing.

Conficker from my POV is a little strange; malware spread by exploiting a security vuln in Windows is far less prevalent than it used to be, owing to better patch installation/management and far better security systems. However, Conficker has also brought it home that there is still a LONG way to go on this front and that nothing is 100% safe in the IT world.

I think at the minute it's a wait and see game, but take all the necessary precautions. Nowadays it's best to be one step ahead.

Gertrude the Wombat
25th Mar 2009, 14:15
The unfortunate thing is a lot of the time the typical home user will download anything and everything that they see, especially youngsters, without truly knowing what it is or knowing the consequences of what they are installing.
The consequences in my house are that each time the kids manage to infect themselves their machine gets unplugged from the net until I've got time to fix it. "Until I've got time" takes twice as long for each infection.

They finally got the message when they were without internet access for a fortnight. They know that next time they get infected it'll be a month.

There have been no infections for the last several years, as a month without internet is a sufficient consequence to get them to be careful :):):)

P.Pilcher
26th Mar 2009, 12:09
My computers are running normally and carry appropriate virus/malware protection (Avast at the moment). The other day I was typing something into "Word" on my laptop. I noticed that when typing in a word, the first letter would appear and then there was a delay before the rest of the word appeared. A thorough Malwarebytes scan was immediately initiated and a trojan was discovered on the D: partition of my hard drive. Now this partition is only used to store Windows recovery files and is thus hardly ever accessed. How did it get there? Anyway, said trojan is now deleted and normal service (without delays) has been resumed. In recent months I have discovered several trojans on my machines - they are quite sophisticated - I had one recently which was preventing my antivirus and antimalware software from updating itself. It was not however preventing downloads, thus I could download a copy of Malwarebytes which was fully updated and which found and destroyed the trojan. If Saab will permit me a brief plug for this free software - it often publishes update files more frequently than daily and it has sorted out my malware on several occasions - not that there is not other excellent free software for this purpose out there.

P.P.

green granite
26th Mar 2009, 13:07
But it begs the question "what was the A/V software doing letting it in the first place"?

al446
26th Mar 2009, 13:08
Thanks for that, just tried it and it found eyewateringly too many.

green granite
26th Mar 2009, 14:46
Also just downloaded it and ran it:

Malwarebytes' Anti-Malware 1.34
Database version: 1900
Windows 6.1.7000

26/03/2009 14:43:45
mbam-log-2009-03-26 (14-43-45).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 186322
Time elapsed: 36 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

P.Pilcher
26th Mar 2009, 15:58
Green Granite: I wish I knew. Are these trojans classed as malware, thus virus protectors are not interested or are the freebies such as Avast and AVG not as good as the paid for stuff? To be fair, when I used to use AVG I did get the occasional popup declaring that AVG had blocked a virus. However, it let the trojan through which subsequently blocked all my malware detectors and AVG itself from updating itself. Thus I switched to Avast, however it may well be that this was a very new trojan which got in and protected itself in this way before the virus/malware detectors could update themselves. This (please excuse the plug again Saab) is why I like Malwarebytes. Most anti malware software needs to update itself with the latest signatures from its website as soon as it is installed. Malwarebytes doesn't as the download you obtain is fully up to date.

P.P.

green granite
26th Mar 2009, 16:10
Avast usually goes ape sh1t if I download anything that has a virus in it as it scans the finished download, but seems to let things like tracking cookies through but then tells you when you do a complete scan. My answer is to have several bits of software and scan each day with a different one, but I run Windows Defender alongside Avast and it seems fine.

Earl
26th Mar 2009, 18:49
I just ran it also; it showed the same thing.
With fully updated Windows, Norton, Spybot and CCleaner I guess I am safe then.
But it never hurts to make sure with a different product, thanks.

Tarq57
27th Mar 2009, 00:31
This (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx) is the patch from MS that will (presumably) confer immunity from this.
(Machines that auto-update should have had this applied in October/08. Never hurts to check in "add/remove programs", though.)
Here (http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx) is a little more info about it.
Personally, I'm not too concerned about this one.

green granite
27th Mar 2009, 08:12
I don't think it's the home pcs that are at high risk because most of them have auto update on and as Tarq57 said MS issued a patch for it. It's the large corporate networks that don't tend to apply updates who are, and will suffer.

The Nr Fairy
28th Mar 2009, 00:30
There is a patch for Conficker, but I'm sure those who are security aware or in the security industry will have read SRI's excellent analysis of all three strains of Conficker and understand that the multiple infection pathways and actions Conficker takes to prevent its removal and stop the user accessing removal-related web sites mean the patch won't install if you are infected.

If you're infected, too late to patch - use the MS removal tool THEN patch.

Decent commercial standard IDS (generally found in large corporations) have been detecting Conficker since last October based on the fact it exploits a similar vulnerability to one for which detection has been available for a year or two, so one would hope they've been taking action for a while.

bnt
28th Mar 2009, 00:42
I tend to agree with the Snopes analysis (http://www.snopes.com/computer/virus/conficker.asp): these days, it's all about commercial gain, not taking systems down. These things can go for years without being diagnosed, like a person who carries Epstein-Barr or HPV.

It would be nice to gloat about this Linux netbook, but I still keep an XP machine going for games, and jobs where only Microsoft Office is compatible enough. (Much as I like OpenOffice, it mangles the Equations in my Word documents.)

bnt
8th Apr 2009, 12:34
Someone's used their noggin, and put together a simple test for whether your machine has Conficker or not. Since Conficker blocks certain websites, such as those of anti-virus vendors, a web page with inline images from those sites will look wrong. This "Conficker Eyechart" (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html) tests that, so you can see at a glance whether you have an infection or not. (I checked the HTML source: it's just a simple web page, no active content of any kind.)