


Are you a Conficker Zombie?

jobeard
02-20-2009, 02:38 PM
Conficker [A] has hit millions of systems.

Now there's Conficker B++ too :(

The big-picture taxonomy of Conficker is
http://www.hostexploit.com/images/stories/cnfic_fr.jpg

Another common infection Taxonomy is
http://www.hostexploit.com/images/stories/Virux_%20trend.jpg

(see the original article here (http://www.hostexploit.com/index.php?option=com_content&view=article&id=120:are-you-a-conficker-zombie&catid=4:hostexploit-news))

The Computerworld article is here (http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9128280&source=NLT_SEC)

CAUTION: Don't be overly concerned over the comment on HOST file at the bottom of that article;
MVPS.org and Spybot S&D modify the HOST file to intentionally inhibit access to known bad sites.
Such 'lockouts' are easily seen on any line containing 127.0.0.1
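An added example, not part of the original post: a small Python triage of a hosts file that separates the blocklist 'lockouts' described above from entries worth a closer look. It generalizes slightly by treating 0.0.0.0 and ::1 like 127.0.0.1; the sample file, the `.example` names and the `PROTECTED` watch list are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
# entries in the style a hosts-file blocklist adds
127.0.0.1       localhost
127.0.0.1       ads.badsite.example
0.0.0.0         tracker.badsite.example   # inline comment
::1             localhost
203.0.113.7     www.bank.example
127.0.0.1       update.antivirus.example
not-an-ip       broken.example
"""

# Hypothetical watch list: sites this machine must be able to reach.
PROTECTED = ("antivirus.example",)

def classify_hosts(text, protected=PROTECTED):
    """Sort hosts-file entries into lockouts, redirects and oddities."""
    report = {"lockout": [], "redirect": [],
              "protected_blocked": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:
            report["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback or unspecified address: the name resolves nowhere useful.
        sink = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if sink and host == "localhost":
                continue                      # normal default entry
            if not sink:
                # Name pinned to a routable address: verify it is intended.
                report["redirect"].append((lineno, host, str(addr)))
            elif any(host == s or host.endswith("." + s) for s in protected):
                # A lockout aimed at a site you need, not at a bad site.
                report["protected_blocked"].append((lineno, host))
            else:
                report["lockout"].append((lineno, host))
    return report
```

On Windows the file to feed it is normally `%SystemRoot%\System32\drivers\etc\hosts`; only the `redirect`, `protected_blocked` and `malformed` buckets need a human look.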

mflynn
02-20-2009, 03:25 PM
Conficker/Downadup cleanup and removal

Instructions: http://www.bleepingcomputer.com/malware-removal/remove-downadup-conficker

BitDefender removal tool: http://www.bitdefender.com/site/Downloads/downloadFile/1583/FreeRemovalTool

Microsoft patch (to prevent if not already infected or use after clean) http://www.microsoft.com/downloads/results.aspx?pocId=&freetext=ms08-067&DisplayLang=en

Mike

EDIT: New for Conficker!

Just yesterday McAfee introduced a special Stinger dedicated to Conficker

Get it here http://www.majorgeeks.com/McAfee_AVE...er__d6157.html

I will edit my other post and add it there.

This is a bad one so.....

I advise anyone who suspects this malware to shoot it with all 3 programs followed by MBAM, SAS and ComboFix.

And yet another from Sophos: http://www.majorgeeks.com/Sophos_Conficker_Clean-up_Tool_d6158.html

jobeard
02-20-2009, 03:30 PM
VERY GOOD IDEA; one location for description and solution :)

mflynn
03-31-2009, 02:17 PM
Hi everyone, been away and busy for the last few days but thought I would take time to post this!

New for Conficker!

Just yesterday McAfee introduced a special Stinger dedicated to Conficker

Get it here http://www.majorgeeks.com/McAfee_AVERT_Stinger_Conficker__d6157.html

I will edit my other post and add it there.

This is a bad one so.....

I advise anyone who suspects this malware to shoot it with all 3 programs followed by MBAM, SAS and ComboFix.

Mike

EDIT: Another just today http://www.majorgeeks.com/Sophos_Conficker_Clean-up_Tool_d6158.html

kimsland
03-31-2009, 08:30 PM
More info on this: http://www.winsupersite.com/server/conficker.asp

SNGX1275
03-31-2009, 08:45 PM
How bad is this really? I've been hearing about it on the news since Sunday's 60 Minutes (on cbs). Prior to that I hadn't really heard about it.

It kind of sparks my interest because as some of you know, I don't run any AV on my machines. I'm pretty self-confident that I'm in the clear, but something 'big' like this would be the kind of thing to shake my confidence if I was compromised.

Is this a type of thing where we don't know what it does until April 1? That is my impression at this point. And I think rather than dling and running a bunch of software I don't want on my machines I'm just going to risk it and see what happens in 5.25 hours.

Disclaimer:
Do not follow my example if you are concerned for your data, I'm assuming entire responsibility only for what happens to my computers.

kimsland
03-31-2009, 08:50 PM
Um put it this way, I presently don't have any issue, where I am ;) ;)

LookinAround
03-31-2009, 09:29 PM
How bad is this really? I've been hearing about it on the news since Sunday's 60 Minutes (on cbs). Prior to that I hadn't really heard about it.

It kind of sparks my interest because as some of you know, I don't run any AV on my machines. I'm pretty self-confident that I'm in the clear, but something 'big' like this would be the kind of thing to shake my confidence if I was compromised.

Is this a type of thing where we don't know what it does until April 1? That is my impression at this point. And I think rather than dling and running a bunch of software I don't want on my machines I'm just going to risk it and see what happens in 5.25 hours.

Disclaimer:
Do not follow my example if you are concerned for your data, I'm assuming entire responsibility only for what happens to my computers.

I saw 60 minutes as well. And agree. I've run my usual backups but otherwise, I'm still waiting for Y2K to hit!

kimsland
03-31-2009, 09:31 PM
I'm still waiting for Y2K to hit!
:haha:

That really did make me laugh out loud :D


anyway: MS Article
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx

supersmashbrada
03-31-2009, 11:09 PM
:haha:

That really did make me laugh out loud :D


anyway: MS Article
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx


I got suspended from High School because we had to write a paper about the y2k issue. 95% of my class had fear of the issue, along with my teacher.

My paper basically stated how ignorant people are. Did we not forget that we have 24 time zones. Will the world end one hour at a time?

jobeard
04-01-2009, 09:26 PM
...It kind of sparks my interest because as some of you know, I don't run any AV on my machines. I'm pretty self-confident that I'm in the clear, but something 'big' like this would be the kind of thing to shake my confidence if I was compromised.
and I'm big on proactive defense and down on the reactive A/V approach.
Good router and firewall controls trump A/V every time (imo).

If I can keep healthy, then the prescription/rx with the doctor's bill can be avoided altogether :)

Oh sure I have one -- once in a while I even scan with it.

But using good software{Thunderbird, Firefox}, Spywareblaster(controlling ActiveX), Spybot S&D(controlling startups), trimming Services, and a firewall that controls in/out bound access will cover the bases 99% of the time.

captaincranky
04-02-2009, 01:33 AM
But using good software{Thunderbird, Firefox}, Spywareblaster(controlling ActiveX), Spybot S&D(controlling startups), trimming Services, and a firewall that controls in/out bound access will cover the bases 99% of the time.

It seems to be fashionable nowadays, to award all the credit (or blame), to just the AV software, but it can't be stated how much help it's receiving from FF (with "NoScript") and Spybot, not only its resident "Tea timer", with it also controlling the hosts file. I'm not certain, but it seems like it's got something akin to "Combo Fix", built in.

jobeard
04-02-2009, 01:37 PM
forgot to mention -- A/V is THE proactive protection for email -- just got to scan them for scruff :)

tw0rld
04-02-2009, 04:16 PM
Avira is the closest to proactive as A/V gets, and that's to known threats. What we really need is for operating systems to be built in such a way as to prevent the execution of malicious codes. An environment that would be able to decipher the codes compiled in a program to determine if it is malicious or not, simply based on what task the program was designed to carry out. This can be likened to telepathy.

Imagine being the security guard at a bank. The chance of robbers getting by you is high, because you can't stop and interrogate each individual. Now think of the probability of any robbers getting by you if you were able to stop, and interrogate each individual to get an idea of what their intentions are. The probability of the bank getting robbed would be close to zero.

Copyright © 1998-2009 TechSpot.com. TechSpot is a registered trademark. All Rights Reserved.