
Conficker virus begins to attack PCs: experts

This topic is archived.

Joanne98 Donating Member (1000+ posts) Sat Apr-25-09 10:47 AM
Original message
Conficker virus begins to attack PCs: experts

BOSTON (Reuters) - A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said.

Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware, they said.

The worm started spreading late last year, infecting millions of computers and turning them into "slaves" that respond to commands sent from a remote server that effectively controls an army of computers known as a botnet.

Its unidentified creators started using those machines for criminal purposes in recent weeks by loading more malicious software onto a small percentage of computers under their control, said Vincent Weafer, a vice president with Symantec Security Response, the research arm of the world's largest security software maker, Symantec Corp.

"Expect this to be long-term, slowly changing," he said of the worm. "It's not going to be fast, aggressive."

Conficker installs a second virus, known as Waledac, that sends out e-mail spam without knowledge of the PC's owner, along with a fake anti-spyware program, Weafer said.

The Waledac virus recruits the PCs into a second botnet that has existed for several years and specializes in distributing e-mail spam.

"This is probably one of the most sophisticated botnets on the planet. The guys behind this are very professional. They absolutely know what they are doing," said Paul Ferguson, a senior researcher with Trend Micro Inc, the world's third-largest security software maker.

He said Conficker's authors likely installed a spam engine and another malicious software program on tens of thousands of computers since April 7.

He said the worm will stop distributing the software on infected PCs on May 3 but more attacks will likely follow.

"We expect to see a different component or a whole new twist to the way this botnet does business," said Ferguson, a member of The Conficker Working Group, an international alliance of companies fighting the worm.

Researchers had feared the network controlled by the Conficker worm might be deployed on April 1 since the worm surfaced last year because it was programed to increase communication attempts from that date.

The security industry formed the task force to fight the worm, bringing widespread attention that experts said probably scared off the criminals who command the slave computers.

The task force initially thwarted the worm using the Internet's traffic control system to block access to servers that control the slave computers.

Viruses that turn PCs into slaves exploit weaknesses in Microsoft's Windows operating system. The Conficker worm is especially tricky because it can evade corporate firewalls by passing from an infected machine onto a USB memory stick, then onto another PC. Continued...

http://www.reuters.com/article/technologyNews/idUSTRE53N5I820090424

goclark Donating Member (1000+ posts) Sat Apr-25-09 10:54 AM
Response to Original message
1. So what can we do?

Joanne98 Donating Member (1000+ posts) Sat Apr-25-09 10:57 AM
Response to Reply #1
2. I don't know. My computer just got fixed.

hobbit709 Donating Member (1000+ posts) Sat Apr-25-09 11:02 AM
Response to Reply #1
4. Keep your security software up to date
Stay away from P2P like Limewire, don't go to the "free" porn sites and avoid all the "free" game sites.
Run scans frequently, don't open suspicious email. All anyone can do is take reasonable precautions. Keep your data backed up so if you have to do a reinstall you won't lose anything.

Inspired Donating Member (1000+ posts) Sat Apr-25-09 11:06 AM
Response to Reply #1
6. That is the question.
This is all bad and scary and all. But what is the average user supposed to do about it? I'm very confused by this whole thing.

-..__... Donating Member (1000+ posts) Sat Apr-25-09 11:00 AM
Response to Original message
3. This is why we should always listen to the "experts"...
"weeks after being dismissed as a false alarm".

The fucking thing has been residing on millions of computers awaiting instructions to be sent on April 1st.

Just because the creators didn't carry out any sinister plans on that date doesn't mean it should have been dismissed as a "false alarm".

They simply changed the time table for activation.

hobbit709 Donating Member (1000+ posts) Sat Apr-25-09 11:05 AM
Response to Reply #3
5. And people who didn't scan their systems have no one to blame.

stray cat Donating Member (1000+ posts) Sat Apr-25-09 11:18 AM
Response to Reply #5
9. Some viruses prevent screens or hide from them - this is one of them
Edited on Sat Apr-25-09 11:18 AM by stray cat
in fact the way to screen for it I think is to see if you can go to screening software sites. I think if you have it your computer is toast but I'm not sure. My antiviral software was up to date and it did no good.

hobbit709 Donating Member (1000+ posts) Sat Apr-25-09 11:31 AM
Response to Reply #9
11. What were you using?
AVG detects it.

stray cat Donating Member (1000+ posts) Sat Apr-25-09 12:04 PM
Response to Reply #11
12. McAfee - after the computer acted funny I tried to download AVG
but it wouldn't activate any more on my computer.

hobbit709 Donating Member (1000+ posts) Sat Apr-25-09 12:07 PM
Response to Reply #12
13. McAfee is a hair better than Norton
but both of them, IMO, are about as useful as a screen door on a submarine.

stray cat Donating Member (1000+ posts) Sat Apr-25-09 12:34 PM
Response to Reply #13
16. Thanks for the info - love the analogy!
Edited on Sat Apr-25-09 12:43 PM by stray cat

NYC_SKP Donating Member (1000+ posts) Sat Apr-25-09 12:35 PM
Response to Reply #16
18. Here...

HCE SuiGeneris Donating Member (1000+ posts) Sat Apr-25-09 12:09 PM
Response to Reply #12
14. Use "Avast"

stray cat Donating Member (1000+ posts) Sat Apr-25-09 12:34 PM
Response to Reply #14
17. Thanks!

HCE SuiGeneris Donating Member (1000+ posts) Sat Apr-25-09 12:36 PM
Response to Reply #17
19. You are quite welcome.
:hi:

Amonester Donating Member (1000+ posts) Sat Apr-25-09 11:11 AM
Response to Original message
7. "Microsoft offers 250,000 dollars to catch Conficker worm creator"
http://www.monstersandcritics.com/tech/news/article_1459461.php/Microsoft_offers_250000_dollars_to_catch_Conficker_worm_creator_

I'd sure NOT hesitate one sec. (I wish I knew who) (or hope "one of them, silly crackers" or "one who hears them brag" needs some cash)

NYC_SKP Donating Member (1000+ posts) Sat Apr-25-09 11:11 AM
Response to Original message
8. Use this Conficker Test. Use it! It's not a download. USE IT NOW!
I use Macs, so I'm not worried, but there's a nice webpage test that every PC user should check out:

My thread on it:
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=389&topic_id=5451421&mesg_id=5451421

If you see three images below, you're probably OK:

If you don't see three images, be sure to check again at the test site:

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

If your PC fails the test, go to the McAfee site here:

http://www.mcafee.com/us/enterprise/confickertest.html

:patriot:

HCE SuiGeneris Donating Member (1000+ posts) Sat Apr-25-09 11:20 AM
Response to Reply #8
10. K & R Thanks n/t

DeepBlueC Donating Member (1000+ posts) Sat Apr-25-09 12:26 PM
Response to Reply #10
15. This is so useful
Thank you for continuing to put it out there. :)