PPRuNe Forums


Earl 24th Mar 2009 14:55

Computer Virus 'Time Bomb' Could Go Off April
 
Could this be an April fool joke?


FOXNews.com - Computer Virus 'Time Bomb' Could Go Off April 1 - Science News | Science & Technology | Technology News


Tuesday, March 24, 2009

The Conficker Internet worm could strike at infected computers around the world on April 1, a security expert warned Monday.

Conficker is a sophisticated piece of malicious computer software, or malware, that installs itself on a Windows PC's hard drive via specially written Web pages. It then conceals itself on a computer.

Graham Cluley of the British security firm Sophos confirmed that Conficker is programmed "to hunt for new instructions on April 1."

However, he added, "This does not mean that anything is going to happen, or that the worm is actually going to do anything. Simply, it is scheduled to hunt a wider range of Web sites for instructions on that date."

One strange thing about Conficker is that no one yet has any idea what it is programmed to do.

In February, Cluley told The Times: "It's as if someone is assembling an army of computers around the world, but hasn't yet decided where to point them."

A worst-case scenario for April 1 would be for all the world's millions of infected computers to receive simultaneous instructions to attack, or to flood the Internet with spam e-mail.

Ed Gibson, Microsoft's chief security adviser for the U.K., was reluctant to make predictions about Conficker's behavior.

"April 1 is a classic date for anything like this to go off," he said. "But I really would hate to say that April 1 is going to be unlike any other day."

tony draper 24th Mar 2009 18:58

Hmmm, could a solution be to set yer puter date and time ahead to 2nd April?
:)

green granite 24th Mar 2009 19:27


Quote:
Hmmm, could a solution be to set yer puter date and time ahead to 2nd April?

No just run your virus checker.

tony draper 24th Mar 2009 20:33

I int got a virus checker Mr G,been puterizing since 1982 and I have never had a virus.:uhoh:
Touch wood.
:)

frostbite 24th Mar 2009 20:52


Quote:
I have never had a virus

And, until recently, you weren't on broadband which makes you more susceptible.

Having said that, I've been virus free for the same number of years, but I do have a-v installed these days.

Saab Dastard 24th Mar 2009 21:24


Quote:
I have never had a virus

Without an AV program, how can you tell?

SD

Gertrude the Wombat 24th Mar 2009 21:32


Quote:
And, until recently, you weren't on broadband which makes you more susceptible.

Less, surely? - with dial-up your computer is usually connected directly to the internet, highly dodgy, but with broadband most people have a stealth mode NAT router in the way (in order to service several machines in the house) and that'll stop quite a lot of incoming.

Jofm5 25th Mar 2009 01:38

Saab is right,

You can't tell if you have or have not had a virus - I think the correct phrase would be to say you never noticed a virus.

Not all of them are malicious and a lot are very cunning and stay hidden gathering information or performing functions for other ppl remotely. Or stay dormant until a specific event occurs (e.g. 1st April).

Not every virus is picked up by the virus checkers, a lot of virus checkers only work on the principle that they look for the virus they can identify - so if your anti-virus software provider has not seen the virus before it will not be in your updates to prevent.

The better virus checkers will store and refer to file sizes and checksums so that it can identify that even if it does not know if a virus is present or what it is - it does know something has been changed that should not have been.

Please don't get the false sense of security that because you have a virus checker/blocker all will be okay - virus protection is still very much in the realm of a reaction to a problem rather than a prevention.

Cheers
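
An added example (not part of any post in this thread) of the size-and-checksum baseline described in the post above: record every file's size and SHA-256, then re-scan and report what changed. The sample files and the function names `snapshot`, `compare`, `write` and `demo` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to (size, SHA-256 hex digest)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # fine for a demo; hash in chunks for large files
            result[os.path.relpath(path, root)] = (len(data), hashlib.sha256(data).hexdigest())
    return result


def compare(old, new):
    """Report paths that appeared, vanished, or changed size or checksum."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def write(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample tree: baseline it, tamper with it, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "app.exe", b"MZ original code")
        write(root, "lib.dll", b"helper")
        write(root, "old.txt", b"x")
        baseline = snapshot(root)
        # Same length as the original: a size-only check would miss this change.
        write(root, "app.exe", b"MZ patched code!")
        write(root, "dropped.dll", b"unexpected")
        os.remove(os.path.join(root, "old.txt"))
        current = snapshot(root)
    same_size = baseline["app.exe"][0] == current["app.exe"][0]
    return compare(baseline, current), same_size


if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is stored somewhere the monitored machine cannot rewrite, such as read-only or offline media.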

Tarq57 25th Mar 2009 03:32

Tony draper, one problem (probably amongst several) of changing the date is that the AV (and probably some other programs) won't be able to update.

What AV do you use?

If Windows Update is turned on, hopefully the vulnerability the Conficker (aka "Kido") exploits will already be patched.
For anyone infected by this, here is a tool by BitDefender that claims to remove it. (Haven't had to test this myself.)

Parapunter 25th Mar 2009 08:14

I'm slightly incredulous of one who could ignore the mountain of evidence in respect of unprotected machines. At least we know how armies of PCs distributing viruses are recruited! Nowt so blind as them who can't see!

mixture 25th Mar 2009 09:17


Quote:
but with broadband most people have a stealth mode NAT router in the way (in order to service several machines in the house) and that'll stop quite a lot of incoming.

Sorry, I can't resist biting on this topic ! :ok:

What a load of drivel.

(a) Repeat after me ..... Security by obscurity is NOT security .....

(b) In 95+% of the cases I've seen, viruses have appeared on someone's computer due to their clicking on dodgy attachments in emails or some such, whilst at the same time having inadequate virus protection.

(c) So, you might have inbound blocking. But let's say you do have a zombie virus on your PC. What are you doing to stop Dr Evil launching a DDoS attack on [insert name of well known website here] using your computer as one of the "bots". And don't you even think about telling me they need inbound access to your computer to control their bot, they don't.

Keef 25th Mar 2009 09:26

wot 'e said.

The NAT firewall will stop the person who tries to connect to your machine from outside, to do nefarious things. That's good.

It won't stop the smarter hacker who conceals some software on a website. You visit the site, you download the software, it installs on your PC, and you know nothing about it.

It will then do whatever it's designed to do - collect your internet banking login and account details and send them to base; collect your address book ditto; wipe your hard drive on April 1; send 20 million spam e-mails from your PC...

I've seen the logs of the AV on my machines, and seen the stuff arrive and get zapped. When I changed from AVG to Avast on this machine, it found a couple of dozen cookies that it reckoned were slightly dodgy - not dangerous, just dodgy.

You can't be too careful.

mixture 25th Mar 2009 09:42

The other thing that far too few home users adopt is the principle of least privilege.

It's amazing how much damage you can avoid by taking an extra few minutes whilst setting up your new computer to create a new secondary user account that does not have any Administrative privileges. Most home users who spend their days browsing the web, sending emails etc. generally hardly ever need all the powers and privileges that come tagged onto the Administrator account.

The other option, if you can't bring yourself to withdraw administrator power from your fingertips (or you are at the mercy of some incompetent software developer who doesn't know how to write software that can do without admin rights) ..... is to try something like Faronics DeepFreeze ("Faronics Deep Freeze Windows Editions - ABSOLUTE System Integrity"). (I've no association to them and not making any recommendation, you'll need to consider your circumstances)

As Keef inferred too, not all anti-virus is the same, unfortunately. Even amongst the major players, it can sometimes be surprising to see one pick up something and the other doesn't. Particularly in the case of new virus releases. You should ideally look for anti-virus software that contains multiple scanning engines (preferably from well known companies).

Gertrude the Wombat 25th Mar 2009 11:21


Quote:
The NAT firewall will stop the person who tries to connect to your machine from outside, to do nefarious things. That's good.

Correct. It stops things over which you have no control.


Quote:
It won't stop the smarter hacker who conceals some software on a website. You visit the site, you download the software, it installs on your PC, and you know nothing about it.

Correct. It doesn't stop things over which you do have some control. (Personally I choose not to visit dodgy websites and download and install and run viruses, but I realise that others make other choices.)

All I was saying was that a typical broadband installation is, by virtue of the stealth mode NAT router, more, rather than less, secure than a typical dialup installation. I made no claim that the NAT box stopped everything. Nobody has made any attempt to contradict this.
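
An added example (not part of any post in this thread) modelling the two behaviours debated above: a home NAT router drops unsolicited inbound packets, yet forwards replies on any flow an inside PC opened itself. The class, the addresses and the trace are constructed, and address translation is simplified away so only the connection-state check remains.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")


class NatRouter:
    """Toy stateful router: outbound packets create state, inbound must match it."""

    def __init__(self):
        self.flows = set()  # (inside_host, inside_port, outside_host, outside_port)

    def handle(self, pkt):
        if pkt.direction == "out":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "forward"
        # Inbound is accepted only as the reply half of a flow opened from inside.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "forward"
        return "drop"

    def outbound_destinations(self):
        """What a defender can still inspect: where inside hosts connected to."""
        return sorted({(dst, dport) for _src, _sport, dst, dport in self.flows})


# Constructed trace using private and documentation-range addresses.
TRACE = [
    Packet("in", "198.51.100.7", 40000, "192.168.1.10", 445),   # unsolicited probe
    Packet("out", "192.168.1.10", 50000, "192.0.2.80", 80),     # PC fetches a web page
    Packet("in", "192.0.2.80", 80, "192.168.1.10", 50000),      # reply on that flow
    Packet("in", "192.0.2.80", 80, "192.168.1.10", 50001),      # no matching flow
]


def run(trace):
    router = NatRouter()
    verdicts = [router.handle(pkt) for pkt in trace]
    return verdicts, router.outbound_destinations()


if __name__ == "__main__":
    print(run(TRACE))
```

The router cannot tell a browser's request from any other program's outbound request, which is why the list of outbound destinations is worth reviewing on a machine suspected of infection.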

Avitor 25th Mar 2009 11:35


Quote:
Originally Posted by tony draper (Post 4812184)
I int got a virus checker Mr G,been puterizing since 1982 and I have never had a virus.:uhoh:
Touch wood.
:)

Ooh I have, seeing as how I am a mucky Herbert, I have picked up the odd one. I sent a hard drive to a mate for him to clean it up, he told me it was now clean... and it had spent 2 hours in a bucket of disinfectant as well.

PoloJamie 25th Mar 2009 13:07

In all truth it'd be interesting to see what the actual payload of Conficker is. Are we going to see the world's largest botnet on April 1st? What will the botnet's payload be? Spam? DDoS? Who knows....yet...

The biggest malware prevention is the user - keeping everything up to date, ensuring that adequate anti malware software is being run and not getting yourself into dodgy situations. The unfortunate thing is a lot of the time the typical home user will download anything and everything that they see, especially youngsters, without truly knowing what it is or knowing the consequences of what they are installing.

Conficker from my POV is a little strange, malware spread by exploiting a security vuln in Windows is far less prevalent than it used to be, owing to better patch installation/management and far better security systems. However, Conficker has also brought it home that there is still a LONG way to go on this front and that nothing is 100% safe in the IT world.

I think at the minute it's a wait and see game, but take all the necessary precautions. Nowadays it's best to be one step ahead.

Gertrude the Wombat 25th Mar 2009 14:15


Quote:
The unfortunate thing is a lot of the time the typical home user will download anything and everything that they see, especially youngsters, without truly knowing what it is or knowing the consequences of what they are installing.

The consequences in my house are that each time the kids manage to infect themselves their machine gets unplugged from the net until I've got time to fix it. "Until I've got time" takes twice as long for each infection.

They finally got the message when they were without internet access for a fortnight. They know that next time they get infected it'll be a month.

There have been no infections for the last several years, as a month without internet is a sufficient consequence to get them to be careful :):):)

P.Pilcher 26th Mar 2009 12:09

My computers are running normally and carry appropriate virus/malware protection (Avast at the moment). The other day I was typing something into "word" on my laptop. I noticed that when typing in a word, the first letter would appear and then there was a delay before the rest of the word appeared. A thorough Malwarebytes scan was immediately initiated and a trojan was discovered on the d: partition of my hard drive. Now this partition is only used to store windows recovery files and is thus hardly ever accessed. How did it get there? Anyway, said trojan is now deleted and normal service (without delays) has been resumed. In recent months I have discovered several trojans on my machines - they are quite sophisticated - I had one recently which was preventing my antivirus and antimalware software from updating itself. It was not however preventing downloads thus I could download a copy of Malwarebytes which was fully updated and which found and destroyed the trojan. If Saab will permit me a brief plug for this free software - it often publishes update files more frequently than daily and it has sorted out my malware on several occasions - not that there is not other excellent free software for this purpose out there.

P.P.

green granite 26th Mar 2009 13:07

But it begs the question "what was the A/V software doing letting it in the first place"?

al446 26th Mar 2009 13:08

P.Pilcher
 
Thanks for that, just tried it and it found eyewateringly too many.


All times are GMT.