Wednesday, April 1, 2009

Conficker's Fool's Day Threat

The Conficker worm is awaiting instructions on what to execute on today's April Fool's Day date. As of about 4:25 CST the threat appears to be benign, but the malware is still waiting for orders, and those could arrive any time after today. The 12 million computers it is estimated to have infected are like soldiers awaiting orders to begin battle or go to war.

Intro:
The internet worm was discovered in October 2008 and has spread via email and via tainted websites that were hacked and had malware scripts installed in the background. Some computer users have downloaded Conficker unintentionally while actually searching for anti-malware removers to legitimately eradicate the worm. Users should be very cautious when following links on websites: many are becoming infected while searching for information about Conficker and surfing to websites that, intentionally or unintentionally, install the malware on users' computers.

Dallas computer virus removal has seen numerous laptops and desktops infected with Conficker and its many mutations. Often the drives must be removed from the machines and slaved to a working computer system with the latest virus, trojan, adware, spyware and malware signatures to root out the worm, as it mutates many times daily. The worm is very difficult to remove, and often the only way to repair the machine is to reload the operating system after several malware-removal scans that still will not remove every malware component.

History and Problems:
The problem partly lies with hacker kids in Russia and two mafia groups, one in Eastern Europe and the other in Russia. These two groups know of each other and compete to get bogus virus removers onto laptops and desktops. Once both are installed, the two different pieces of malware can conflict with each other as each tries to dominate the machine.

There are three versions of Conficker: Conficker A, which came out around October; Conficker B, which came out in January of this year; and Conficker C, which is waiting for instruction on April 1, 2009. All three versions of Conficker contain a list of 50,000 websites that give commands to the worm on the instructions of the malware authors. Microsoft has issued a $250,000 reward for the capture and conviction of the Conficker authors.

Conficker displays a splash screen upon startup of PCs that often interferes with the normal startup files, causing conflicts and making removal difficult, because the machines often will not fully boot to the desktop where further work would allow full removal. Without the ability to fully boot, and after slaving the infected drive to another working machine and removing all the malware possible, the only way to repair the machine is to fully reinstall the operating system. Interestingly, Windows is the only target of the worm; Linux and Mac systems are immune from Conficker attacks.

How to Tell if Infected:
  1. Users who cannot update their antivirus or other malware tools can assume that Conficker is installed deep in the system and is blocking updates and downloads from legitimate antivirus and malware vendors.
  2. Users cannot boot into safe mode.

Recommendations:
The Computer Emergency Response Team suggests that computer users:
  1. Install all security patch updates for your PC. The instructions for Microsoft's updates are here.
  2. Install and update all anti-virus, spyware and adware programs that users have on hand.
  3. Make sure the firewall is turned on.
  4. If infected you may call Dallas Virus Removal for help.
  5. Read the CERT advisory on Windows AutoRun feature.
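The following PowerShell audit script is an added example, not part of the original post or of any vendor tool. It checks a Windows host for the first symptom listed under "How to Tell if Infected" (legitimate security vendor sites cannot be reached) and for recommendations 3 and 5 above (firewall on, AutoRun disabled per the CERT advisory). The vendor hostname list is constructed for the example; the registry locations are the standard Windows Firewall profile keys and the Explorer AutoRun policy key. Run it from an elevated PowerShell prompt.

```powershell
# Added audit example (not from the original post). Reports the Conficker
# symptom and the hardening settings discussed above; it changes nothing.

# Symptom 1: infected hosts cannot reach legitimate antivirus/update vendors.
# Constructed list of well-known vendor hostnames for the example.
$SecuritySites = @(
    'update.microsoft.com',
    'windowsupdate.microsoft.com',
    'www.symantec.com',
    'www.mcafee.com'
)

# Resolves each vendor hostname; on an otherwise working network, any site
# that fails to resolve is a warning sign worth investigating.
function Test-SecuritySiteResolution {
    param([string[]]$Sites = $SecuritySites)
    foreach ($site in $Sites) {
        $resolved = $true
        try { $null = [System.Net.Dns]::GetHostAddresses($site) }
        catch { $resolved = $false }
        New-Object PSObject -Property @{ Site = $site; Resolves = $resolved }
    }
}

# Recommendation 3: Windows Firewall enabled on every profile. EnableFirewall
# is a DWORD under each profile key (1 = on). PublicProfile only exists on
# Vista and later, so a missing key is reported as not present.
function Get-FirewallProfileState {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $key = Join-Path $base $fwProfile
        $value = (Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
        New-Object PSObject -Property @{
            Profile = $fwProfile
            Present = ($null -ne $value)
            Enabled = ($value -eq 1)
        }
    }
}

# Recommendation 5 (CERT's AutoRun advice): NoDriveTypeAutoRun = 0xFF disables
# AutoRun for every drive type, so inserted media cannot launch the worm.
function Get-AutoRunState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    New-Object PSObject -Property @{
        NoDriveTypeAutoRun = $value
        AutoRunDisabled    = ($value -eq 0xFF)
    }
}

Write-Host '== Security site resolution (all should resolve) =='
Test-SecuritySiteResolution | Format-Table -AutoSize
Write-Host '== Firewall profiles (all present profiles should be enabled) =='
Get-FirewallProfileState | Format-Table -AutoSize
Write-Host '== AutoRun policy (AutoRunDisabled should be True) =='
Get-AutoRunState | Format-List
```

A host where vendor names fail to resolve while ordinary sites work, or where the firewall or AutoRun policy has silently changed, matches the symptom pattern the post describes and should be scanned from a clean system, as recommended above.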
