Author Topic: Deadline Approaches for Conficker (Downadup) Worm  (Read 6322 times)


Offline Corrine

Deadline Approaches for Conficker (Downadup) Worm
« on: March 25, 2009, 11:58:34 PM »


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Paddy

Re: Conficker worm gets an evil twin
« Reply #1 on: March 26, 2009, 12:42:57 PM »
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Offline Corrine

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #2 on: March 26, 2009, 06:37:43 PM »
SANS ISC has a link to the BitDefender tool as well as those developed by other vendors: http://isc.sans.org/diary.html?storyid=5860

Based on what has been seen, it is likely they will leave bits behind but they should get the bulk of the mess off the system.



Offline zep516

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #3 on: March 27, 2009, 05:30:09 PM »

In the run up to April 1st, McAfee is offering a special build of its stand-alone cleaning tool christened Stinger which will be updated on a daily basis to include any undetected Conficker variants from the wild.

Please ensure that your copy of Microsoft Windows is patched and security software is fully up to date to ensure that April 1st 2009, is a day like any other day!

http://www.majorgeeks.com/McAfee_AVERT_Stinger_Conficker__d6157.html

zep.

Info from another forum...
You're only as safe as your last update.

Offline Corrine

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #4 on: March 27, 2009, 08:56:06 PM »
I know that there is a lot of hype about the April 1 date and I am included in promoting it. The problem is that no one knows what to expect. Is it a "doomsday" alert? No. But, if infected and online, you can be certain that the infected machine will be part of the attempt to generate the 50,000 URLs daily to download whatever the additional component may be.

Could that additional component be used on the infected machines as a botnet to seek out other unprotected computers?  Could it be as a DDoS?  In my opinion, it doesn't matter.  MS08-067 should have been installed last year. 

I have seen more infected computers in the past six months without a software firewall (and some also without an antivirus software) than I have seen in the past five to ten years.  Are these the same irresponsible people who drink and drive?



Offline Eric the Red

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #5 on: March 27, 2009, 11:34:43 PM »
Quote
Are these the same irresponsible people who drink and drive?

Maybe, but I think that we now have evidence that they are the people who run the UK! See http://www.theregister.co.uk/2009/03/27/conficker_parliament_infection/
"The time to start running is around about the "e" in "Hey, you!" "
Proud member Since 2004 

The information I provide is provided "AS IS" without warranty, and confers no rights.

Offline Corrine

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #6 on: March 28, 2009, 09:48:47 PM »
Update posted in Conficker Information for the Home Computer User.  Includes instructions for disabling autorun & file sharing.



Offline R-C

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #7 on: March 30, 2009, 02:37:06 PM »
In the most recent Windows Secrets newsletter there is an excellent article which covers the issues that people who are currently infected are experiencing, in that they cannot get to any of the removal tools or help sites, including Windows Update, to get the patch. Very good info.
Run a Conficker removal tool before April 1

Corrine, excellent write-up on your blog also!
registered Linux user:476595
May inspiration fill your heart and hands, run down your legs onto your feet and cause Spontaneous Dancing! :dance:

Offline R-C

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #8 on: March 31, 2009, 04:23:29 AM »
Looks like they might have hit paydirt on stopping it in time; we can be hopeful at least!
Researchers exploit Conficker flaw to find infected PCs

Busted! Conficker's tell-tale heart uncovered

Offline Corrine

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #9 on: March 31, 2009, 03:29:03 PM »
Although very important, particularly considering that Conficker has already hit the House of Commons, military, hospitals and other corporate entities, that is for networks, R-C. Network Admins can run the tool to find out if there are any infected PCs on the LAN or WAN. (Sadly, at least as of yesterday, the very first Google search result for "nmap conficker" was malware.Nmap.)

If you can reach Microsoft Updates, ESET, Sophos, Symantec, etc., then your computer is not infected with this worm and there is no need to run the removal tool.  (Illustrated in the BitDefender video on the BitDefender downadup (Conficker) removal tool:  http://www.youtube.com/watch?v=P9Oj01CI0dM )

On the other hand, to help protect your computer from Conficker as well as other worms, trojans, etc., the same instructions apply -- Microsoft Security Updates, A/V, Firewall, disable file sharing & autorun.

If infected with Conficker, until the domain is blocked, the BD tool is available here.


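The reachability check described in the post above, as an added example that is not part of the original thread: it uses DNS resolution as a stand-in for "can reach" and compares security-vendor hosts against unrelated control hosts, so a dead connection is not mistaken for selective blocking. The hostnames, the `triage` function, its thresholds and its verdict labels are assumptions made for this sketch.

```python
import socket

# Assumed hostnames: the post names the vendors, not exact hosts.
SECURITY_HOSTS = ["update.microsoft.com", "www.eset.com",
                  "www.sophos.com", "www.symantec.com"]
# Assumed control hosts that have nothing to do with security vendors.
CONTROL_HOSTS = ["www.example.com", "www.wikipedia.org"]


def system_resolver(host):
    """Return True if the OS resolver yields at least one address for host."""
    try:
        return bool(socket.getaddrinfo(host, 443))
    except (socket.gaierror, UnicodeError):
        return False


def triage(resolve=system_resolver, security=SECURITY_HOSTS,
           controls=CONTROL_HOSTS):
    """Classify a machine by which names resolve.

    Returns (verdict, failed_security_hosts):
      inconclusive    - no control host resolves (no network or no DNS)
      reachable       - every security host resolves
      partial         - exactly one security host fails (could be an outage)
      selective-block - two or more security hosts fail while controls work,
                        the symptom the thread describes for infected PCs
    """
    if not any(resolve(h) for h in controls):
        return "inconclusive", []
    failed = [h for h in security if not resolve(h)]
    if not failed:
        return "reachable", []
    if len(failed) == 1:
        return "partial", failed
    return "selective-block", failed


if __name__ == "__main__":
    verdict, failed = triage()
    print(verdict)
    for host in failed:
        print("  could not resolve:", host)
```

A `selective-block` verdict is a reason to run one of the removal tools from a clean source, not a diagnosis; a filtering proxy or local DNS policy can produce the same pattern.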

Offline Eric the Red

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #10 on: March 31, 2009, 07:25:37 PM »
We are now over nine hours into April 1st and so far there is nothing major to report. If you want to follow developments, keep an eye on F-Secure's weblog, e.g. http://www.f-secure.com/weblog/archives/00001643.html

Offline Paddy

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #11 on: March 31, 2009, 11:32:15 PM »
Quote
Security experts are downplaying the potential impact of a virus which some believe is set to strike on 1 April.

Conficker has infected up to 15 million computers to date and is set to change the way it works on Wednesday.


http://news.bbc.co.uk/1/hi/technology/7973131.stm

Paddy.. :blink:

Offline Corrine

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #12 on: March 31, 2009, 11:52:57 PM »
The videos at F-Secure of Mikko & Patrik's Conficker presentation are fascinating.



Offline Paddy

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #13 on: March 31, 2009, 11:59:25 PM »
Corrine, I think the BBC is downplaying this threat / or just reporting the downplay :)
http://news.bbc.co.uk/today/hi/today/newsid_7973000/7973672.stm

Paddy..

Offline Eric the Red

Re: Deadline Approaches for Conficker (Downadup) Worm
« Reply #14 on: April 01, 2009, 08:04:14 AM »
Quote
The videos at F-Secure of Mikko & Patrik's Conficker presentation are fascinating.

F-Secure have also a good Q&A page at http://www.f-secure.com/weblog/archives/00001636.html