1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Greetings Guest!!

    In order to combat SPAM on the forums, all users are required to have a minimum of 2 posts before they can submit links in any post or thread.

    Dismiss Notice

Conficker worm striking on April 1st? NOT A JOKE!

Discussion in 'UHall' started by DarkScripture, Apr 1, 2009.

  1. http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm#video
    This is real info on a April Fools Attack for today.
    Just thought I would share. Check out the link

    Downadup Webpage Blocklist by F-Secure
    http://www.f-secure.com/weblog/archives/00001582.html

    Microsoft Security Bulletin MS08-067 – Critical
    Vulnerability in Server Service Could Allow Remote Code Execution (958644)
    Published: October 23, 2008
    Version: 1.0
    http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

    *** Update for fast reference ***
    If you have XP SP3 Installed you should be good.
    Vista also..
    *************************************
    http://en.wikipedia.org/wiki/Conficker



    Do post a reply if you do not have this patch & it helps you. I would really like to know if it even helps only one.
     
  2. Black Sun

    Black Sun Grand Poobah
    Stratics Veteran Alumni

    Joined:
    Mar 19, 2003
    Messages:
    5,361
    Likes Received:
    19
    It's a possible it will attack today.
    Today it begins searching the net for it's instructions. If they aren't given today it will continue to search until they're sent out and the worm finds them.

    Basically, just because you don't get hit today, does not mean the threat's gone.
     
  3. I can verify this worm is real. It was on Yahoo news yesterday which gave links to several of the top antivirus company websites with instructions on how to DL the updated AV program.
     
  4. Bardie

    Bardie Lore Keeper
    Stratics Veteran

    Joined:
    May 20, 2008
    Messages:
    884
    Likes Received:
    1
    they have been smart enough to infect 50 mil computers, pretty sure they are smart enough not to launch an attack on when everyone is awaiting it...duh
     
  5. The authorities have already said there's nothing they can do to stop it or even trace it. It's set up to get instructions from any of 50,000 different web addresses which is more than they can do anything about.
     
  6. kelmo

    kelmo Old and in the way
    Professional Stratics Veteran Alumni Dread Lord

    Joined:
    May 12, 2008
    Messages:
    17,379
    Likes Received:
    4,698
    I don't think I will be googling much today...
     
  7. Malimus

    Malimus Guest

    Confirmed. Family member opened a e-mail with a .zip file attached. Bam they got infected. Careful everyone.
    The e-mail was some sort of e-card.

    With the passing away of my uncle this morning she thought it was a card from a relative or friend of family. :(
     
  8. Sweeney

    Sweeney Guest

    *sends you a .zip file condolence*

    Don't open anything you don't trust, and always keep your AV software up to date, the kind that scans any and every downloaded file.
     
  9. Harlequin

    Harlequin Babbling Loonie
    Stratics Veteran

    Joined:
    Jun 11, 2008
    Messages:
    2,716
    Likes Received:
    32
    That will not help actually. The author simply has not uploaded any of the 50000 urls with instructions. Yet.

    If he does it anytime after today, infected PCs will download the instructions then.

    Best to install MS Security update - MS08-067 if you do not use auto update. Those that have auto update turned on would already be immune.

    Still, a good idea to keep your AV/firewall proggies updated on a daily basis.
     
  10. Littleblue

    Littleblue Seasoned Veteran
    Stratics Veteran

    Joined:
    May 12, 2008
    Messages:
    485
    Likes Received:
    7

    Sorry to hear about your Uncle, Malimus.
     
  11. KinG DaviD

    KinG DaviD Guest

    just dont open anything on your email you arent expecting...been my motto since i started with the whole internet thing...ive never had a virus or trojan..
    and i dont always update my security stuff either...im not as computer literate as i shjould be after all these years...i guess im just a web surfer...hehe

    does that work still these days? just not opening stuff...i mean the only way "in" nowadays with all teh firewalls and stuff is if you "open" it..correct?
     
  12. To be completely honest, the worm sounds like a complete myth to me. While I haven't really read about any documented cases of the worm, there has been plenty of times for fakers and immitaters to develop worms that immitate what the Conflicker worm is suppose to do. So anyone who got a worm yesterday could have gotten an immitation. Tons of worms are launched on holidays.

    And stopping a worm from requesting instructions from a server is easy; turn off your wireless and/or unplug your LAN cables. If you think you have it, go buy a cheap virus scanner/firewall/security software and load it up. If you're really freaking out, do a format of your drive and save any important files on flash drive (scan it to ensure no worms/viruses have attatched to the files).

    If the worm in all acuallity infected 10** (edited) million computers/PCs, there would have been a much more widescale media spread of damage yesterday IF it was really suppose to time bomb yesterday.

    I'm not saying it doesn't exist but I haven't found it yet (and yes I do DL viruses to crap PCs to see what they do).
     
  13. Beastmaster

    Beastmaster Guest

    I cannot say where I work, but I can tell you that yesterday we were notified by Homeland Security that one of our PCs was infected with this virus. Located the PC and pulled it offline, and it was indeed infected.
     
  14. Katlene

    Katlene Guest

    bloody hell!:stretcher:
     
  15. It appears its not a complete hoax as I previously thought. I obtained an isolated copy of it on a friends flash drive from school when my virus scanner picked up an attempted intrusion. I did though install it on my old laptop which I'm kind of curious to see what it's going to do.

    So far the worm is capable of decrypting weak passwords, expand to blank media, search and spread through networks using network IPs. It has attempted to DL a file loadav.exe, which apparently through research is a false lead.

    It's fiesty.

    The best solutions for preventing your self from getting it are using strong passwords that otherwise wouldn't be easy for malware to decrypt (caps, numbers, symbols etc). Make sure you use recommended virus scanners/malware scanners and always have a secondary for backup like AVG or some other free stuff. Make sure you have a decent firewall like the McAfee internet suite. Always scan portable devices before attempting to open them/access the media.

    I haven't read any incidents of the worm accessing any of the 500 malware domains *yet*
     
  16. Malimus

    Malimus Guest

    Thanks for the kind words Littleblue. :)
     
  17. Lady Aalia

    Lady Aalia Atlantic's Finest
    Stratics Veteran Alumni

    Joined:
    May 13, 2003
    Messages:
    816
    Likes Received:
    2
    I know it has to be serius enough Hubby is NT for the Army here and they been just rotating about it.

    Evening of the 31.March his cell was ringing of the hook while i was trying to convince him to do yardwork!!
     
  18. Basara

    Basara UO Forum Moderator
    Moderator Professional Wiki Moderator Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Jul 16, 2003
    Messages:
    8,467
    Likes Received:
    591
    There's a web test out there for it called an "eye chart"...

    Essentially, it has 6 pictures on it.

    2 or 3 of the pictures will not show if you have the virus, as their source domains are blocked by the virus. other amounts of pictures blocked could indicate other issues, and all 6 blocked means you probably have your broswer not to show graphics at all :) .

    http://www.confickerworkinggroup.org/infection_test/cfeyechart.html