LandzDown Forum

Romanians find cure for conficker
Removal tool may spell the end for the notorious Windows worm
Darren Pauli 12/03/2009 17:16:00

BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.

The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting.

Security experts claim the worm is the worst infection to date, second to the SQL slammer worm that devastated the Internet in 2003.

The Romanian security vendor said its removal tool, available here, will delete all versions of Downadup and will not be detected by the virus.

Senior malware analyst Vlad Valceanu said the worm is difficult to remove because it contains an in-built update service.

“BitDefender Labs has been seeing an increase in worms, like Downadup, that have a built-in mathematical algorithm, generating strings based on the current date,” Valceanu said in a written statement.

“The worms then produce a fixed number of domain names on a daily basis and check them for updates.

“This makes it easy for malware writers to upgrade a worm or give it a new payload, as they only have to register one of the domains and then upload.

Link to Removal Tools:

 http://bdtools.net/


Paddy..

In the run up to April 1st, McAfee is offering a special build of its stand-alone cleaning tool christened Stinger which will be updated on a daily basis to include any undetected Conficker variants from the wild.

Please ensure that your copy of Microsoft Windows is patched and security software is fully up to date to ensure that April 1st 2009, is a day like any other day!

http://www.majorgeeks.com/McAfee_AVERT_Stinger_Conficker__d6157.html

zep.

Info from another forum...

  Are these the same irresponsible people who drink and drive?

Maybe, but I think that we now have evidence that they are the people who run the UK! See http://www.theregister.co.uk/2009/03/27/conficker_parliament_infection/

in the most recent windows secrets newsletter there is an excellent article which covers the issues that people who are currently infected are experiencing in that they can not get to any of the removal tools or help sites including windows update to get the patch.    Very good info.
Run a Conficker removal tool before April 1

Corrine excellent write up on your blog also!

Although very important, particularly considering the Conficker has already hit the House of Commons, military, hospitals and other corporate entities, that is for networks, R-C.  Network Admins can run the tool to find out if there are any infected PCs on the LAN or WAN.  (Sadly, at least as of yesterday, the very first Google search result for "nmap conficker" was malware.Nmap.)

If you can reach Microsoft Updates, ESET, Sophos, Symantec, etc., then your computer is not infected with this worm and there is no need to run the removal tool.  (Illustrated in the BitDefender video on the BitDefender downadup (Conficker) removal tool:  http://www.youtube.com/watch?v=P9Oj01CI0dM )

On the the other hand, to help protect your computer from Conficker as well as other worms, trojans, etc., the same instructions apply -- Microsoft Security Updates, A/V, Firewall, disable file sharing & autorun.

If infected with Conficker, until the domain is blocked, the BD tool is available here.

Security experts are downplaying the potential impact of a virus which some believe is set to strike on 1 April.

Conficker has infected up to 15 million computers to date and is set to change the way it works on Wednesday.

http://news.bbc.co.uk/1/hi/technology/7973131.stm

Paddy..

Corrine I think the BBC is down playing this threat  / or just reporting the downplay 
http://news.bbc.co.uk/today/hi/today/newsid_7973000/7973672.stm

Paddy..