April Fools’ Day Computer Worm


There has been a lot of talk lately about the April Fools’ Day worm known as Conficker.
The internet is buzzing with speculation about what this nasty bug may ultimately do.
The truth is - no one really knows. The one thing we do know is that this worm is periodically calling out to the internet asking for instructions.
Until it gets those instructions on April 1st it is all speculation.

Could it erase your family photos from your computer? - Maybe.

Could it change your screensaver to read “Why did the chicken cross the road? Because Conficker made it”? - Who knows?

Could it create a zombie army of computers that will rise up against their human masters and constantly slam firewalls of financial institutions, effectively shutting down their networks and as a result crumble the world economy? - It’s a good premise for a movie (I am calling Hollywood right now). Yet again - no one knows.

An IT friend and I think you will get a popup that says “April Fools from Conficker!”

I am not trying to make light of the situation, but that is as good a possibility as anything else anyone will tell you.

Check out this 60 Minutes segment on Conficker and viruses

Geek Alert - technical content ahead - from Nik Brown at our sister property at TriCities.com

Why is Wednesday significant? It marks the day that currently infected computers will generate a list of 50,000 new domains a day that they could try. Of that group, the botnet (a network of computers under control of a remote hacker) will randomly select 500 for the machines to actually query. So far, Conficker-infected machines have been trying to connect each day to 250 Internet domains.

The virus authors need to get just one of those domains under their control to send their commands to the botnet. Once they have control of the Conficker botnet they can sell its services to spammers or use it to take down other internet sites or networks.

The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta.

The worm only affects Microsoft Windows based computers. If you are running Apple OS X, Linux or a UNIX operating system your computer cannot be infected.

Unlike other Internet threats that trick people into downloading a malicious program, Conficker is so good at spreading because it finds vulnerable PCs on its own and doesn’t need human involvement to infect a machine.

Once inside, it does nasty things. The worm tries to crack administrators’ passwords, disables security software, blocks access to antivirus vendors’ websites to prevent updating, and opens the machines to further infections by Conficker’s authors. Someone whose machine is infected might have to reinstall the operating system.

End geek alert
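The daily domain lookups described in the geek-alert section leave a trace a network administrator can look for: one machine failing to resolve a large number of different names in a single day. The Python sketch below is an added example, not part of the original article; the log format, host addresses, domain names and the 20% alert fraction are assumptions constructed for illustration.

```python
from collections import defaultdict

# Figure from the article: infected machines have been trying 250 domains a day
# (rising to 500 a day on April 1). Assumption: most of those names are
# unregistered, so the lookups fail with NXDOMAIN.
DAILY_LOOKUPS = 250
ALERT_FRACTION = 0.2  # assumption: alert at 20% of that volume (50 distinct names)


def parse_line(line):
    """Parse 'DATE TIME CLIENT_IP QNAME RCODE' (a constructed log format)."""
    parts = line.split()
    if len(parts) != 5:
        return None  # skip malformed lines instead of crashing
    date, _time, client, qname, rcode = parts
    return date, client, qname.lower().rstrip("."), rcode.upper()


def suspicious_hosts(lines):
    """Return (date, client, distinct_failed_names) for hosts over the threshold."""
    failed = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[3] == "NXDOMAIN":
            date, client, qname, _ = rec
            failed[(date, client)].add(qname)  # a set ignores retries of one name
    threshold = int(DAILY_LOOKUPS * ALERT_FRACTION)
    return [(d, c, len(n)) for (d, c), n in sorted(failed.items()) if len(n) >= threshold]


def build_sample():
    """Constructed sample log: one noisy host, one retrying host, one typo."""
    lines = [f"2009-04-01 09:{i % 60:02d}:00 10.0.0.5 gen{i:03d}.example NXDOMAIN"
             for i in range(120)]
    lines += ["2009-04-01 10:00:00 10.0.0.7 intranet.example NXDOMAIN"] * 300
    lines += ["2009-04-01 11:00:00 10.0.0.9 www.example.com NOERROR",
              "2009-04-01 11:01:00 10.0.0.9 exampel.example NXDOMAIN",
              "malformed line"]
    return lines


if __name__ == "__main__":
    for date, client, count in suspicious_hosts(build_sample()):
        print(f"{date} {client}: {count} distinct failed lookups, check this machine")
```

Counting distinct names rather than total failures keeps a machine that retries one broken name hundreds of times from being flagged.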

 


It is estimated that anywhere from 3 to 10 million computers are infected.
Why so many?
People aren’t updating the security on their computers!
Also there are a lot of pirated copies of Windows in Europe and China.
Without a valid copy of Windows - you can’t download the security updates which leaves you vulnerable.

Do you think you might be infected? A healthy dose of paranoia is never bad when you are dealing with viruses.
So what can you do?

These are instructions for people with a valid copy of Windows.
If you have a pirated copy - pay for Windows like the rest of us - arrggg!

Protect Yourself

1. Make sure automatic updates are on. Click Here to Learn how to do this in Vista, and here for automated updates on XP. If you are running Windows 98 or 2000 ... you need a new operating system. Microsoft does not support these anymore.

You can always update your Windows through their website also. http://www.windowsupdate.microsoft.com/

2. Make sure your Internet browser is updated. The latest version of Internet Explorer is IE8. I personally am not a fan of it, but make sure you have at least Internet Explorer 7. If you are not sure what version you have ... here is how to find out. With your internet browser open click on help and then about Internet Explorer. If you don’t have at least IE7 - then upgrade. Click Here to upgrade to IE7

Mozilla Firefox is another great browser a lot of people are using. It also doesn’t have some “vulnerabilities” that Internet Explorer has. When I say “vulnerabilities” I mean virus programmers are not writing viruses specifically for Firefox like they do for Internet Explorer. You can download Firefox free here.

3. Make sure you have virus protection. Most virus protection should stop Conficker. If you do have virus protection make sure it is up to date. It is always a good idea to make sure it is set to update automatically.

If you don’t have virus protection software ... well you are asking for it.
There are some great free protection programs out there. I use Avast! on my personal computer. It is free and works well. You can download it here.

So far we have covered everything you should already be doing. Now let’s talk about what you can do to get Conficker off your computer if you have it.

How do I know if I have Conficker?
  1. If you cannot get into security websites and services, check your computer as soon as possible.
  2. If you are unable to run Microsoft Windows Update, you may have the worm.
  3. If you are being locked out of a directory, then that is just one symptom.
  4. If suddenly there are tasks created and scheduled on your computer, you may want to check if you already have a CF Worm running on it.
  5. If you are being denied access to the admin account or password, this is a possible symptom of the Worm.

Download Microsoft’s Malicious Software Removal Tool. It’s free and can remove Conficker from your computer. Download Microsoft Malicious Software Removal Tool Here


More tools you may want to try to remove Conficker:
  http://onecare.live.com/site/en-us/default.htm?s_cid=sah
  http://www.bitdefender.com/VIRUS-1000462-en—Win32.Worm.Downadup.Gen.html
  http://www.enigmasoftware.com/conficker_removal_tool_more_info.php
  http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml
  http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=3

F-Secure FAQ page on the Conficker worm:
  http://www.f-secure.com/weblog/archives/00001636.html

Microsoft page on the Conficker worm:
  http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

  Home users may also call Microsoft PC Safety hotline at 1-866-PCSAFETY, for assistance.

 


Reader Reactions

Posted by Shadoe_Runner on April 01, 2009 at 12:57 am

I just think it is interesting that this was not even considered any sort of threat by the media until now.
This has been known about since October of last year.
Quote from Wikipedia.

Four main variants of the Conficker worm are known and have been dubbed Conficker A, B, C and D. They were discovered 21 November 2008, 29 December 2008, 20 February 2009, and 4 March 2009, respectively.

Posted by bluebirdeater on March 31, 2009 at 6:39 pm

While on the internet recently I met MS Antispyware 2009. I lost everything and did not have my files backed up. Dell tech support did a factory restore without warning me that I would lose everything and charged me $240.00 to do it from India. According to them the virus attaches to system files. The MS Malware Removal Tool removes the virus along with the system files. This causes the computer to shut down at start up. Learn to back up your system. I was left with one icon after this very costly mistake. Neither Windows Firewall nor AVG Free prevented the attack. Such attacks are equivalent to any natural disaster and come without warning.  Computers are much too weak to be trusted. Entertainment and information exchange is not critical. Our failure is that far too many critical systems in our society are at risk to hackers and power outages. If this is progress, it does not look good to me.

Posted by Kevin Justus on March 31, 2009 at 4:39 pm

It is also known as Downadup.
To say that the worm hasn’t caused any problems isn’t exactly true.
It has caused some documented problems with not allowing antivirus software to download its updated virus definitions. To me that’s a problem considering Symantec says it updates its database every 60 seconds. People are writing viruses faster than they can counter them.
Granted, a lot of the viruses out there are variants of previous viruses so the antivirus software usually picks them up. What causes a stir is when someone creates something new, i.e. a highly infectious variant that takes no user action to spread and to top it off ... no one knows what it will do. Isn’t your imagination tweaked a little to see what happens?
Me and an IT guy here at WSPA think you will get a popup that says “April Fools’ from Conficker”
The upside of this is it is getting people to think about their computer instead of never doing anything to it to maintain it.
Not everyone is an IT person so I tried to make this as straightforward as possible.
I talked to my friend who was worried about this. I took a look and he didn’t have automatic virus and Windows updates on. Is he stupid? Of course not, he just didn’t know he had to do anything to the computer.
So the media exposure of this virus has been a blessing in my opinion. It is getting people to think about whether or not their computer is vulnerable.
I am a tech person and I am worried and I keep up with it. Out of sight, out of mind won’t protect you from viruses, worms, trojans and malware.

Posted by freebird on March 31, 2009 at 12:49 pm

The Truth about Conficker

I’ve heard the “morning personalities” blabbing on about this terrible worm called “Conficker”. They were saying that the worm could possibly strike on April 1st and cause “all kinds of damage”.

Let me start by saying that I cannot stand non-technical people trying to tell the world about their computers. Most of the time this is just a ploy for ratings. It seems that Conficker is the new hot topic for those that want to boost ratings, so I thought I would straighten things out.

The Worm that everyone seems to be talking about is technically called Win32/Conficker.B. It is a variant of the Win32/Conficker.A Worm that came out several months ago. It also goes by the name Downadup. People are making a big deal about this worm because although it has infected computers, it hasn’t actually done anything yet. It has been lying dormant, waiting for instructions. This makes for a good news story, but here is what they are not telling you…

Conficker is not as bad as everyone makes it out to be. If your computer is up to date, you most likely do not have Conficker and you are safe. As a matter of fact, if you do your updates regularly, or have Windows set to automatically update, Microsoft will scan your system monthly with the Malicious Software Removal Tool and Conficker will be removed.
