No problem Nicola, glad to be of help. I do this for a living and have seen too many people lose everything cause of things like this. Also a good time to do backups, you can never have too many of them.
Jim
So true BB. I back up on an external hard drive and when done - unplug it from the computer. And I run updates on my security and Micro weekly.
Bat
Do you wonder why I have a Mac? It might cost more but it is worth it
I installed the latest update, which was service pack 3 I think, and was unable to boot properly, all I ended up with was my desktop with nothing on it at all. I've just had to reboot in safe mode and roll back to where I was last week. Stupid Microsoft.
Yes Nicola I agree with you a 100% Microsoft is a big pain in the ass. Windows is nothing more than a huge bug fix. Updates Updates Updates enough to drive you to drink sometimes. LOL
I love them Microsoft they have been promising a faster operating system since Windows ME (worst version they came out with). But if you ask me they just add so much crap to it makes the whole computer slower. And God forbid something isn't working right with your computer when you update you just pray the thing will boot normally as in Nicola's case. I work on them for a living and keep my fingers crossed all the time when they first boot up it is just so aggravating at times we pay a premium in price for the program make the damn thing just work the first time. Yeah right O.K. I'm off the soap box for now.
It's also called Downadup, and here's news from a better source, the F-Secure place:
Downadup infections appear to have peaked during the week.
As time passes, the number of estimated Downadup infections becomes more problematic to calculate as we are monitoring a varying number of domains. Re-infections may also be inflating the count. In any case, today seems better than the day before and we think that growth of Downadup has been curbed. Disinfection of the worm remains a challenge.
So let's look at Thursday's IP count, where are the infected computers?
Our sinkhole logged just over one million unique IP addresses yesterday. This is compared to 350,000 last Friday. Remember, there may be any number of computers sitting behind a single IP address.
China, Russia, and Brazil have the highest IP count. Combined, they account for nearly 41 percent of the total.
Only a bit over 1 percent came from the United States…
Here's the breakdown by country:
Number of IPs Registered Country of the IP
1388 Sweden
1394 Peru
1555 Yemen
1669 Canada
1723 Hong Kong
1803 Czech Republic
1906 Sri Lanka
2178 Croatia
2179 Austria
2249 Moldova
2486 Lithuania
2839 Ecuador
2971 Slovakia
3127 Bosnia and Herzegovina
3269 Jordan
3451 Vietnam
4310 Portugal
4423 Saudi Arabia
4666 Spain
4895 Japan
5572 Iran
5763 Republic of Macedonia
6758 Poland
6822 Hungary
6900 Bulgaria
7857 United Kingdom
7973 Pakistan
8088 France
8328 Turkey
10249 Venezuela
10527 Mexico
10683 .EU
11779 United States (1.17%)
12629 Kazakhstan
14785 Colombia
15697 Germany
16154 Taiwan
16924 Philippines
17285 Malaysia
17312 Thailand
17322 Chile
21263 Indonesia
36070 Argentina
39156 Romania
39712 Italy
39731 South Korea
63939 Ukraine
64035 India
120197 Brazil (11.9%)
139934 Russia (13.9%)
152016 China (15.1%)
So I would advise all of you to go get the latest virus signatures (update) from your antivirus program.
Conficker worm gets an evil twin
By Robert McMillan, IDG News Service, 02/20/2009
The criminals behind the widespread Conficker worm have released a new version of the malware that could signal a major shift in the way the worm operates.
The new variant, dubbed Conficker B++, was spotted three days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines.
Conficker-infected machines could be used for nasty stuff -- sending spam, logging keystrokes, or launching denial of service (DoS) attacks, but an ad hoc group calling itself the Conficker Cabal has largely prevented this from happening.
Please update your antivirus today.
Everyone read, please. This is due to hit on April 1. Be sure you have your latest update for your antivirus software.
NEW YORK, March 24 (UPI) -- A group of online detectives in the United States is looking for a computer worm called Conficker C that is believed to be poised to do its damage on April 1.
The researchers told CNN that the worm is thought to be present in 5 million to 10 million computers, but so far the infection has no symptoms. On April Fool's Day, those computers will become slaves to a master computer, Don DeBolt, director of threat research for the New York software company CA, said.
Microsoft has put up a $250,000 reward. Members of the Conficker Cabal, as the researchers call themselves, say that they are also motivated by the joy of the hunt.
"We love catching bad guys," said Alvin Estevez, CEO of Enigma Software Group, which is one of many companies trying to crack Conficker. "We're like former hackers who like to catch other hackers. To us, we get almost a feather in our cap to be able to knock out that worm. We slap each other five when we're killing those infections."
(CNET) This story was written by CNET's Elinor Mills.
There's been lots of hype about the fact that the latest variant of the Conficker worm is set to start communicating with other computers on the Internet on April 1--like an April Fool's Day time bomb with some mysterious payload.
But security researchers say the reality is probably going to be more like what happened when the clocks on the world's computers turned to January 1, 2000, after lots of dire predictions about the so-called millennium bug. That is, not much at all.
"It doesn't mean we're going to see some large cyber event on April 1," Dean Turner, director of the global intelligence network at Symantec Security Response, said on Wednesday.
It's likely that the people behind Conficker are interested in using the botnet, which is comprised of all the infected computers, to make money by distributing spam or other malware, experts speculate. To do so, they would need the computers and networks to stay in operation.
"Most of these criminals, even though they haven't done something with this botnet yet, are profit-driven," said Paul Ferguson, an advanced-threats researcher for Trend Micro. "They don't want to bring down the infrastructure. That would not allow them to continue carrying out their scams."
To help clear up some of the confusion about Conficker, here are answers to common questions people may have.
What is Conficker and how does it work?
Conficker is a worm, also known as Kido or Downadup, that cropped up in November. It exploits a vulnerability in Windows that Microsoft patched in October.
Conficker.B, detected in February, added the ability to spread through network shares and via removable storage devices, like USB drives, through the AutoRun function in Windows.
Conficker.C, which surfaced earlier this month, shuts down security services, blocks computers from connecting to security Web sites, and downloads a Trojan. It also reaches out to other infected computers via peer-to-peer networking and includes a list of 50,000 different domains, of which 500 will be contacted by the infected computer on April 1 to receive updated copies or other malware or instructions. Previous Conficker variants were written to connect to 250 domains a day.
Among the domains targeted by Conficker was that of Southwest Airlines, which was expected to see an increase in traffic from the botnet on March 13. But a Southwest spokesman said the worm had had no impact on the site.
Where did Conficker come from?
Some pieces of the Conficker code and methodologies it uses are similar to those used in previous botnet worms created by the underground operation known as the Russian Business Network and cohorts in the Ukraine, Ferguson said. But while there is speculation, researchers don't know for sure who is involved, he said.
"There is some evidence to indicate that this might at one point have been tied to distribution of misleading apps and rogue affiliate networks," said Symantec's Turner.
How is it different from other Internet worms?
Conficker has grown increasingly sophisticated with each iteration, with features designed to increase its longevity, most likely in response to researchers' attempts to block it. After researchers began preregistering domains targeted in the code, the Conficker.C authors upped the ante by having the algorithm generate 50,000 possible domains, instead of just 250, throwing a big roadblock into efforts to counter the worm. The creators also are using advanced encryption to obscure the instructions detailing which random 500 of the 50,000 domains will actually be contacted on April 1.
It appears the authors may also be intending to create domain collisions by targeting domains that are already in use by legitimate owners, Ferguson said.
"They're creating collateral damage, throwing a monkey wrench into our ability to counter them," he said. "What they're trying to do is make our lives miserable on any efforts to mitigate the threat."
Some of the tactics, including the domain randomization, inter-node communication, and use of strong encryption, are new, according to Ferguson.
"They are using tactics that are probably the most complex and sophisticated botnet tactics we've seen to date," he said. "This is very professionally architected design and development."
Added Turner: "This is the first widespread distribution of a worm since about 2004," when Sasser came out. That worm was believed to have infected as many as 500,000 computers.
What is being done to fight Conficker?
Microsoft has partnered with all the major security companies and domain registrars and registries to form the Conficker Coalition Working Group. The parties are collaborating on research, trying to put the pieces of the puzzle together and figure out who is behind the worm and how to stop it. They are using techniques like behavioral analysis of the code and reverse engineering, but researchers don't want to reveal too much information on their efforts. "We have made headway but I'm hesitant to talk about how far we've gotten," Turner said.
Researchers in the U.S. are preregistering domains that are targeted, but experts in Canada are going even further. The Canadian Internet Registration Authority is taking steps to block domains generated in Conficker code that fall in the .ca top-level domain from being used in the botnet, the nonprofit agency said. "If other domain registries were able to do the same thing it would go a long way toward helping mitigate some of the ability for the botnet to breathe," Ferguson said.
Conficker has proved to be such a nuisance that Microsoft has even offered a $250,000 reward for information leading to an arrest in the Conficker case.
What can I do?
Computer users should apply the Microsoft patch and update their antivirus and other security software.
Windows users should also apply a Microsoft update for the AutoRun feature in Windows that was released in February. The patch allows people to selectively disable the Autorun functionality for drives on a system or network to provide more security, to ensure that it is truly disabled. In addition to putting USB drive users at risk of Conficker and other viruses, the Autorun functionality has been blamed for infections from digital photo frames and other storage types.
Panda also has released a free "vaccine" tool for blocking viruses that spread through USB drives.
Microsoft has a Conficker removal tool. More botnet information and removal resources are on the Shadowserver Web site.
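Added example (not part of the CNET article or of any poster's message): the move from 250 domains to "500 of 50,000" described in the article, worked through from the defender's side as sinkhole visibility. It assumes each infected host picks its 500 daily domains uniformly at random and independently, which the article does not state; the function names are made up for this illustration.

```python
# Added example: sinkhole visibility against a 500-of-50,000 domain schedule.
# Assumption (not from the article): uniform, independent picks per host.
import math

POOL = 50_000      # candidate domains generated per day (from the article)
QUERIED = 500      # domains each host contacts per day (from the article)


def p_seen(registered, pool=POOL, queried=QUERIED):
    """Probability that one host contacts at least one defender-held domain."""
    if registered < 0 or registered > pool:
        raise ValueError("registered must be between 0 and pool")
    if registered > pool - queried:
        return 1.0  # too few unregistered names left to fill a host's list
    # P(miss) = C(pool-registered, queried) / C(pool, queried), as a log-sum
    log_miss = sum(
        math.log(pool - registered - i) - math.log(pool - i)
        for i in range(queried)
    )
    return 1.0 - math.exp(log_miss)


def domains_needed(target, pool=POOL, queried=QUERIED):
    """Smallest number of registered domains giving p_seen >= target."""
    lo, hi = 0, pool
    while lo < hi:                       # p_seen is monotonic in `registered`
        mid = (lo + hi) // 2
        if p_seen(mid, pool, queried) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


def days_to_see(registered, confidence=0.95):
    """Days of daily re-draws until a host is seen with given confidence."""
    p = p_seen(registered)
    if p <= 0.0:
        return math.inf
    if p >= 1.0:
        return 1
    return math.ceil(math.log(1 - confidence) / math.log(1 - p))


if __name__ == "__main__":
    # Earlier variants: 250 domains, all contacted, so one name sees every host.
    print("250-of-250, 1 domain:", p_seen(1, pool=250, queried=250))
    for k in (1, 100, 250, 1000):
        print(f"500-of-50,000, {k:>4} domains: {p_seen(k):.3f}")
    print("domains for 95% daily visibility:", domains_needed(0.95))
```

Under that assumption, the same 250 registrations that covered every host of the earlier variants see only part of the infected population on any given day, which is one way to read the "big roadblock" the article mentions.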
Let's just hope that it truly is one big hoax and they catch the people behind it. After seeing the report on 60 minutes Sunday rather scary what could really happen if it does actually launch but they say it may all be one big fake as it has been dormant for so long. I think all the media hype has helped with that.
I firmly believe all these hypes are created by the Anti-Virus companies themselves to sell more units.
Sales down? Let's hype up a virus threat and spread it all over the gullible news channels. All the big virus companies are probably in on it, they will all benefit, it's like a secret society (probably!).
That's my story for the day.
OMG it's upon us already!!!
We have 6,913 registered members.
The newest member is ConfickerVirus.
Agreed Nic I am right with ya on that one. Otherwise what would really possess people to keep writing viruses? I mean going back in the early days of Windows you never heard much about them sure they were out there but it was very rare to know so much about them like we do today. Just a huge con game if you ask me.
What an anti-climax. Worse than the follow up to Silence of the Lambs.
No Doubt! And it only took me 23 hours to download and upload all that new virus and windows updates shit!
Gee, Pam, my Windows system escaped without anything happening to it!