From Jason Miller:
A new version of the Conficker virus is scheduled to become active on April 1st. In early March, security researchers discovered the third variant of this virus, called Conficker.C. The first two variants of the Conficker virus gained a lot of attention from the media and security experts after they were first discovered in October. While these variants generated hype, the infection rate was minimal.
How was the infection rate kept low? Security researchers were able to thoroughly research and block the effects of the virus. The domain names the virus used were identified and taken offline by security researchers, effectively reducing the functionality of the virus and preventing it from establishing a controlling server.
The Conficker.C variant has undergone a major transformation into a potentially more malicious virus. The author of the Conficker virus has obviously been monitoring the activities of the security researchers and has made changes that could finally unleash the full potential of the virus.
The Conficker author has added functionality to reduce defense mechanisms against the virus. The virus will monitor active processes on infected machines. If a process belongs to one of many security tools, such as MSRT, Microsoft Windows Update, or various antivirus programs, the Conficker worm will shut down that process. By doing so, security tools could be rendered useless on an infected machine. In addition to rendering security tools useless, the Conficker virus will kill any attempt to apply the MS08-067 patch.
This is considerably alarming to me. We have stated many times that the first line of defense is to patch any and all machines on your network. After patching your machines, you can run security tools to remove the virus. If your systems are patched, you prevent them from being infected. Patching a system also reduces the chance of re-infection by this worm.
Conficker.C will attempt to kill any process associated with the MS08-067 patch. If you're not already patched and you become infected, you have to remove the virus before patching. This increases the window of opportunity for the virus to spread.
On April 1st, 2009, the Conficker.C variant will become active. It is unknown at this time what payload will be delivered from the controlling servers. This could range from botnets to spam to advertising servers for adware. It could do evil or it could do nothing.
To avoid becoming April fools, take steps to deploy MS08-067 if you are not already patched. Administrators have about 10 days to scan for and deploy MS08-067 to ensure their systems are patched and ready for whatever havoc this virus will bring.
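As an added example (not code from the original post), the following Windows PowerShell function does the scan the post calls for: it checks each listed host for the MS08-067 hotfix and reports any update or security services that are not running, which is what a host subjected to the process-killing behaviour described above would look like. It assumes KB958644 is the hotfix ID for MS08-067, that wuauserv, BITS, wscsvc and WinDefend are the service names worth watching, and that the caller has WMI access to each host.

```powershell
# Added example, not code from the original post. Requires Windows PowerShell
# (Get-WmiObject) and WMI access to each target host.
function Get-Ms08067Status {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $Ms08067Kb = 'KB958644'   # hotfix ID for MS08-067 (assumption, see lead-in)
    # Update/security services a Conficker-style infection would stop (assumed list).
    $WatchedServices = @('wuauserv', 'BITS', 'wscsvc', 'WinDefend')

    foreach ($computer in $ComputerName) {
        $status = [pscustomobject]@{
            Computer        = $computer
            Ms08067Patched  = $false
            StoppedServices = ''
            Error           = ''
        }
        try {
            # Win32_QuickFixEngineering lists installed hotfixes by KB number.
            $hotfix = Get-WmiObject -Class Win32_QuickFixEngineering -ComputerName $computer -ErrorAction Stop |
                      Where-Object { $_.HotFixID -eq $Ms08067Kb }
            $status.Ms08067Patched = [bool]$hotfix

            # A stopped update or security service on an unpatched host is a warning sign,
            # since the post describes the worm shutting those tools down.
            $stopped = Get-WmiObject -Class Win32_Service -ComputerName $computer -ErrorAction Stop |
                       Where-Object { ($WatchedServices -contains $_.Name) -and ($_.State -ne 'Running') } |
                       ForEach-Object { $_.Name }
            $status.StoppedServices = @($stopped) -join ','
        } catch {
            # Unreachable hosts are reported rather than silently skipped.
            $status.Error = $_.Exception.Message
        }
        $status
    }
}

# Hosts that are unpatched, or that have watched services stopped, are the ones to act on first.
Get-Ms08067Status -ComputerName $env:COMPUTERNAME |
    Format-Table Computer, Ms08067Patched, StoppedServices, Error -AutoSize
```

Pass a list of hostnames to `-ComputerName` to sweep a whole network from one management box.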
I've heard from multiple sources that the Conficker worm wouldn't be a threat to Mac users, thank goodness.
Posted by: caffeine head | Saturday, April 04, 2009 at 12:41 AM
We didn't get hit too badly by the Conficker virus. However, I run PC support for a few dozen companies here in Denver, and I found that Google changed their API for Google Maps on Monday, which messed up a large number of web applications across different clients.
What was funny about that was the complete over-the-top response of the CEOs of those companies. They were POSITIVE it was Conficker and we were going to distribute sensitive information across the web. They did a hard shutdown on one server that took us two days to get back up and running.
So, I guess indirectly Conficker brought me a fair amount of income. Thanks, Conficker.
Posted by: Denver PC Guy | Monday, April 06, 2009 at 08:08 PM