LIL NOOB Posted April 1, 2009

Last-minute Conficker survival guide!

Tomorrow -- April 1 -- is D-Day for Conficker, as whatever nasty payload it's packing is currently set to activate. What happens come midnight is a mystery: Will it turn the millions of infected computers into spam-sending zombie robots? Or will it start capturing everything you type -- passwords, credit card numbers, etc. -- and send that information back to its masters? No one knows, but we'll probably find out soon.

Or not. As Slate notes, Conficker is scheduled to go "live" on April 1, but whoever's controlling it could choose not to wreak havoc but instead do absolutely nothing, waiting for a time when there's less heat. They can do this because the way Conficker is designed is extremely clever: Rather than containing a list of specific, static instructions, Conficker reaches out to the web to receive updated marching orders via a huge list of websites it creates. Conficker.C -- the latest bad boy -- will start checking 50,000 different semi-randomly-generated sites a day looking for instructions, so there's no way to shut down all of them. If just one of those sites goes live with legitimate instructions, Conficker keeps on trucking.

Conficker's a nasty little worm that takes serious efforts to bypass your security defenses, but you aren't without some tools in your arsenal to protect yourself. Your first step should be the tools you already have: Windows Update, to make sure your computer is fully patched, and your current antivirus software, to make sure anything that slips through the cracks is caught. But if Conficker's already on your machine, it may bypass certain subsystems and updating Windows and your antivirus at this point may not work. If you are worried about anything being amiss -- try booting into Safe Mode, which Conficker prevents, to check -- you should run a specialized tool to get rid of Conficker.

Microsoft offers a web-based scanner (note that some users have reported it crashed their machines; I had no trouble with it), so you might try one of these downloadable options instead: Symantec's Conficker (aka Downadup) tool, Trend Micro's Cleanup Engine, or Malwarebytes. Conficker may prevent your machine from accessing any of these websites, so you may have to download these tools from a known non-infected computer if you need them. Follow the instructions given on each site to run them successfully. (Also note: None of these tools should harm your computer if you don't have Conficker.)

As a final safety note, all users -- whether they're worried about an infection or know for sure they're clean -- are also wise to make a full data backup today.

What won't work? Turning your PC off tonight and back on on April 2 will not protect you from the worm (sorry to the dozens of people who wrote me asking if this would do the trick). Temporarily disconnecting your computer from the web won't help if the malware is already on your machine -- it will simply activate once you connect again. Changing the date on your PC will likely have no helpful effect, either. And yes, Macs are immune this time out.

Follow the above instructions to detect and remove the worm.

http://tech.yahoo.com/blogs/null/132464

It might not be true, since it's April Fools' Day, but you must avoid using the internet tomorrow.

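Added example (not part of the original post or the quoted article): the article describes Conficker.C checking a large list of generated sites each day for instructions. On the defender's side that behaviour shows up in resolver logs as one client looking up many distinct names that mostly do not exist. The log format (`<date> <client> <name> <rcode>`), the two thresholds and the sample data are assumptions constructed for illustration.

```python
import random
from collections import defaultdict

MIN_DISTINCT = 200    # assumed threshold: distinct names per client per day
NXDOMAIN_SHARE = 0.9  # assumed threshold: share of those names that do not exist

def suspicious_clients(lines, min_distinct=MIN_DISTINCT, share=NXDOMAIN_SHARE):
    """Map (date, client) -> (distinct names, NXDOMAIN share) for clients whose
    daily lookups look like a sweep over machine-generated domains."""
    queried = defaultdict(set)  # (date, client) -> every name looked up
    missing = defaultdict(set)  # (date, client) -> names answered NXDOMAIN
    for line in lines:
        fields = line.split()
        if len(fields) != 4:    # skip blank or malformed lines
            continue
        date, client, qname, rcode = fields
        qname = qname.lower().rstrip(".")
        queried[(date, client)].add(qname)
        if rcode == "NXDOMAIN":
            missing[(date, client)].add(qname)
    hits = {}
    for key, names in queried.items():
        ratio = len(missing[key]) / len(names)
        if len(names) >= min_distinct and ratio >= share:
            hits[key] = (len(names), round(ratio, 3))
    return hits

def sample_log():
    """Constructed data: one ordinary client and one sweeping random names.
    The random labels are filler, not the worm's real domain algorithm."""
    rng = random.Random(1)
    lines = []
    for host in ("www.example.com", "mail.example.com", "update.example.net"):
        lines += [f"2009-04-01 10.0.0.5 {host} NOERROR"] * 40
    for i in range(500):
        label = "".join(rng.choice("abcdefghijklmnopqrstuvwxyz") for _ in range(8))
        rcode = "NOERROR" if i == 0 else "NXDOMAIN"
        lines.append(f"2009-04-01 10.0.0.9 {label}{i}.example {rcode}")
    return lines

if __name__ == "__main__":
    for (date, client), (count, ratio) in suspicious_clients(sample_log()).items():
        print(f"{date} {client}: {count} distinct names, {ratio:.1%} NXDOMAIN")
```

The ordinary client repeats three names 120 times and is not flagged, because the check counts distinct names rather than query volume.
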
abu aufa Posted April 1, 2009

Not really worried
The latest version Avira Antivir user's protected
http://www.avira.com/en/security_news/conficker_worm.html
http://isc.sans.org/

Andavari (Moderators) Posted April 1, 2009

With the latest Avast, and Microsoft/Windows updates there isn't much to worry about either.

LIL NOOB (Author) Posted April 1, 2009

Am I protected if I use a free version of AVG? BTW, here's a removal tool from Symantec.
http://www.symantec.com/business/security_...-011316-0247-99
If you think you're infected you should download it. Even if you think you're not infected, it's worth a try.

Corona Posted April 2, 2009

I'm sure the Symantec removal tool is good, but what do you do afterwards to remove the leftover registry bits of Symantec that refuse to leave after you uninstall it? I know, I know, but most newcomers don't.

LIL NOOB (Author) Posted April 2, 2009

Actually you don't need to install anything if you're not infected.

acooldozen Posted April 2, 2009

Conficker - How to instantly check your system for infections
http://www.confickerworkinggroup.org/infec...cfeyechart.html

..........and Make yourself a Great Day! Cheers, Lyle
Keep your software up to date http://www.dozleng.com/updates/index.php?

kmillerusaf Posted April 3, 2009

Nice. Plain and simple

There's always an exception to the rule. I'm that exception.
Desktop ----- AMD Athlon 3700+ (2.64Ghz), 2GB DDR 400, ASUS A8N-SLI Premium, 500GB HD, Windows XP Pro SP3, Avira Antivir Personal
At work ----- Intel C2D T1700 (1.6Ghz), 2GB DDR2 667, Dell OUY141, 80GB HD, Windows XP Pro SP2, Symantec 10
Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal

Icedrake Posted April 4, 2009

Nice link acooldozen! Plain and simple like kmillerusaf said.

abu aufa Posted April 6, 2009

Another link
http://www.heise.de/security/dienste/brows...nficker_e.shtml
&
http://iv.cs.uni-bonn.de/fileadmin/user_up...ner/cfdetector/