Some news reports out today are leading the public to believe that the April 1st threat of Conficker has been a whole lot of nothing. Yes, the worm had a trigger date to take over machines on the 1st, and for machines that weren’t protected, that takeover happened. I’m currently working with a friend of my son’s on one of the computers in her household that ended up being infected with Conficker. For most people, because their machines were patched and their virus programs up to date, no problems were noted.
So of course follows lots of commentary about how everything was blown out of proportion, ala Y2K.
I completely disagree. In my mind, it is because of the publicity and news reports that the Conficker worm had less purchase and effect overall. People were paying attention, and they were making sure their machines were clean. If they didn’t know how, they tagged a geek who did, and made sure they were ready for this particular threat. Just because we were prepared for the threat doesn’t mean it was any less of a threat. There are still machines out there that are infected and will need to be addressed, but I believe the threat is a whole lot lower mainly because people were aware and doing what they needed to do to keep from being infected.
I know, sometimes to the rest of the world we geeks are running around hollering about viruses and worms and oh-my-gosh-it’s-the-end-of-the-world, but the fact is, if we didn’t take these things seriously, there’d be even worse threats and worse infections turning machines into zombies for us.
This weekend I imagine I’ll spend a couple of hours trying to come up with a fix for my son’s friend’s machine. I’d rather have talked to a few people about the worm and how they should be protecting themselves, than spending my weekends and evenings fixing problems that could have been avoided with a little prevention.
Of course, on this blog, I’m preaching to the choir, aren’t I?
How many of the geeks out there are safe from Conficker, a nasty little worm set to go all doomsday on us on April 1st? Hopefully, 99.9% of us are (there’s never a 100% guarantee). I know I am, as is every machine on my home network and that I have control over at work.
But what about those family members that are far away, or at least aren’t using a machine on our home networks? What happens on April 1st to them? Are they protected? And how can you help them find out if they are infected, and get them cleaned up pronto?
A great little article in USAToday listed an easy way to check and see if a machine is infected. Using the browser, go to any of these three sites:
If these sites load in any browser, then Conficker is not installed on the machine and things are good. But to be on the safe side, you should also be sure whatever virus program is being used is updated and being updated automatically.
If you cannot get to those sites in the browser, then you have Conficker on your PC. And this baby isn’t easy to get rid of. The article suggested two different sites to try:
Enigma’s Conficker removal tool
Microsoft’s removal tool
The Enigma and Microsoft tools work because Conficker doesn’t have their URLs blacklisted inside the worm. That may change as Conficker mutates, but for now the removal tool is available (and free) from both places. I tried the Enigma one myself and downloaded and installed it very easily. The Microsoft site seemed to be overloaded and I could not fully test it, but Microsoft also claims that if you still can’t get help from their site, you can call them toll-free at 1-866-PCSAFETY.
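The browser check above can be scripted. This is an added example, not from the post or the USA Today article: it probes a list of security-vendor URLs plus a control URL the worm has no reason to block, so that "no network at all" is not mistaken for Conficker's selective blocking. The URL lists are placeholders (an assumption), not the three sites the article named.

```python
"""Reachability check for the Conficker symptom described above.

Added example, not from the post: Conficker blocked access to antivirus-vendor
and Microsoft update sites, so a machine where ordinary sites load but security
sites do not is suspicious. The URL lists are placeholders (assumption), not the
three sites the USA Today article listed.
"""
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable

# Placeholders: put the vendor URLs you actually want to probe here.
SECURITY_SITES = ["https://av-vendor-1.example/", "https://av-vendor-2.example/"]
CONTROL_SITES = ["https://ordinary-site.example/"]  # something the worm has no reason to block

def http_reachable(url: str, timeout: float = 5.0) -> bool:
    """True if the server answered at all; any HTTP status counts as reachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout):
            return True
    except urllib.error.HTTPError:
        return True   # 4xx/5xx still proves the site was reached
    except (urllib.error.URLError, OSError):
        return False  # DNS failure, refused connection, timeout

def probe(urls: Iterable[str], fetch: Callable[[str], bool] = http_reachable) -> Dict[str, bool]:
    """Map each URL to its reachability; fetch is injectable for offline tests."""
    return {u: fetch(u) for u in urls}

def assess(security: Dict[str, bool], control: Dict[str, bool]) -> str:
    """Classify the failure pattern. The control sites distinguish the worm's
    selective blocking from a machine that simply has no network."""
    if not any(security.values()):
        if any(control.values()):
            return "suspicious: security sites blocked while ordinary sites load"
        return "inconclusive: no connectivity at all"
    return "clean: at least one security site reachable"

if __name__ == "__main__":
    print(assess(probe(SECURITY_SITES), probe(CONTROL_SITES)))
```

A "suspicious" result is only an indicator; confirm with an up-to-date scanner or one of the removal tools above.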
This is one April Fool’s joke I hope we can all avoid.
Panda Software, a respected vendor of antivirus software applications within the technical community, has named a Trojan, Downloader.GK, as the most malicious virus of 2004. Even though Downloader.GK isn’t technically a virus, an application that independently distributes itself, the program has caused the most damage to users’ computers, according to data collected by Panda Software’s ActiveScan process.
Continue reading Panda Names Downloader.GK Worst Virus of 2004
The new Santy worm uses the Google search engine to find vulnerable websites and then defaces the sites’ bulletin boards. The worm, formally named Net-Worm.Perl.Santy, attacks website bulletin boards (Internet forums or message centers) running versions of the popular phpBB bulletin board application. The worm exploits a known security vulnerability in early releases of the phpBB application, defacing the contents of the bulletin board.
Continue reading Google Becomes Unwitting Abettor for Santy Worm
Watch out for a special present included with your e-mail Christmas greetings. A mass-mailing worm, W32/Zafi.d@MM or Zafi.d, is making the rounds of e-mail users and is transmitted in the form of a Christmas greeting card with the subject line of either “Merry Christmas” or “Happy Holidays.” The e-mail message will appear to come from one of your acquaintances.
Continue reading Zafi Worm Comes with Christmas Greetings
Users of Microsoft Internet Explorer and Windows XP Service Pack 2 (SP2) are vulnerable to infection by the Bofra worm, downloaded through website banner ads.
The Bofra worm, previously described only as a variant of the MyDoom worm, takes advantage of the iFrame vulnerability in Microsoft Internet Explorer; Microsoft has not yet been able to release a patch that repairs this security hole. According to SANS Internet Storm Center, sites in the U.K., the Netherlands and Sweden have been infected, including the tech website The Register. The Register advises users who visited the site between 6:00 A.M. and 12:30 P.M. GMT on Saturday November 20, 2004, to check their machines for possible infection by the Bofra worm.
Bofra Skirts Antivirus Software
The more significant problem is that the Bofra worm, which is a spyware application, cannot be detected by most antivirus software applications. Repairing the effects of this worm is difficult and costly. The effect of the worm is so many popups and unwanted software installations that the computer will slow to a crawl and be, effectively, useless. Many users will be forced to rebuild their drives from scratch, starting with a reformatting and reinstallation of Windows.
Affected users who are fortunate to not lose all of their data files will do well to rebuild their computer and stop using Microsoft’s integrated web browser. Until Microsoft is able to take security seriously and create a stable, secure browsing platform, Windows users should move to alternative web browsers such as Firefox or Opera.
Call for Comments
What do you think? Leave your comments below.
SANS Internet Storm Center
The Mydoom worm (a.k.a. Shimgapi and Novarg) is making a fast name for itself and has been detected in 142 countries and currently accounts for 8.5% of all Internet e-mail, according to a leading security company.
The worm arrives in an e-mail file attachment. The e-mail body varies from blank to highly technical jargon, all of which is designed to fool the recipient into opening the attached (infected) file, which has a common extension such as ZIP, SCR, EXE, or PIF.
I started noticing the worm making its way through our e-mail servers yesterday. I’m receiving a couple of dozen copies of infected messages every hour in my e-mail account, alone. Some of the infected messages are being transmitted using one of my e-mail accounts as the faked sender, so it’s difficult to determine the true sender.
Keep your antivirus software updated and never, I mean never, open a file attachment that you’re not expecting.
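A mail-gateway rule for the two lures described on this page (Mydoom's ZIP/SCR/EXE/PIF attachments and Zafi.d's "Merry Christmas"/"Happy Holidays" subject lines) can be built with nothing more than Python's standard email parser. This is an added example, not from the post; the sample message is constructed here for illustration.

```python
"""Flag e-mail matching the mass-mailer patterns described above.

Added example, not from the post: parses a message with Python's standard email
package and reports attachments with the extensions Mydoom used (ZIP, SCR, EXE,
PIF) and the two Zafi.d subject lines. The message below is constructed.
"""
from email import message_from_string
from typing import List

RISKY_EXTENSIONS = {"zip", "scr", "exe", "pif"}
ZAFI_SUBJECTS = {"merry christmas", "happy holidays"}

def risky_attachments(names: List[str]) -> List[str]:
    """Names whose final extension is one the worms abuse; a double extension
    such as 'card.txt.exe' still ends in 'exe' and is caught."""
    return [n for n in names if n.rsplit(".", 1)[-1].lower() in RISKY_EXTENSIONS]

def flag_message(raw: str) -> List[str]:
    """Return the reasons a message should be held for review (empty = clean)."""
    msg = message_from_string(raw)
    reasons = []
    subject = (msg.get("Subject") or "").strip().lower()
    if subject in ZAFI_SUBJECTS:
        reasons.append(f"subject matches Zafi.d lure: {subject!r}")
    # walk() visits every MIME part, including nested multiparts
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    for name in risky_attachments(names):
        reasons.append(f"risky attachment: {name}")
    return reasons

# Constructed sample resembling the Zafi.d greeting-card lure.
SAMPLE = """\
From: friend@example.com
To: you@example.com
Subject: Merry Christmas
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the card!
--b1
Content-Type: application/octet-stream; name="card.pif"
Content-Disposition: attachment; filename="card.pif"

AAAA
--b1--
"""
```

Run `flag_message(SAMPLE)` to see both reasons fire on the constructed message; an empty list means neither pattern matched.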