Conficker/Downadup Worm set to update on April 1, 2009

The newest version of the Conficker Worm, a.k.a. Downadup, said to have already infected over 10 million PCs, is programmed to begin contacting a huge list of new domain names, beginning on April 1, 2009. Each PC that is currently infected with the most recent variant of this Worm will begin generating a list of 50,000 domain names, many of which might be registered by the criminals behind this Worm. It will then pick names from the list it generated and try to contact those domains for further instructions or program updates. If those domains are in fact active and under the control of the Botmasters running the Conficker Worm, updates will be sent to all of the PCs making contact on or after April 1. Those updates are probably going to make it more difficult to disinfect these PCs, or to contact any security websites for malware removal tools.

If you are not already infected, it is because you took the proper preventative measures last October 23, 2008. That was the date that Microsoft released a sudden, out-of-cycle critical update, in security bulletin MS08-067 and Windows Update patch KB958644, which plugged a vulnerability in the Windows Server Service. That vulnerability is what was exploited by the first two releases of the Conficker Worm (Conficker.A and .B). Since most Windows users who run legitimate copies of Windows have set their computers to receive and apply Automatic Windows Updates, they were protected when the Worm was first released in the wild, in November 2008.

However, people who turned off Automatic Updates because they don't trust Microsoft updates, or because they are using pirated copies of Windows and don't want to get nagged about it, probably got hit by this Worm, soon after its release. The highest percentages of Conficker infections occurred in countries with the highest numbers of pirated Windows operating systems. These nations include China, Russia, Argentina, and Brazil.

I would like to point out that there is another group of vulnerable people, who may not realize that they are critically exposed to the Conficker Worm (and the like). These are legitimately licensed users of Windows XP, or newer, who had to reinstall their operating systems to fix other problems or malware infections, any time after the MS08-067 patch was released. If you let any significant time elapse between reinstalling Windows and then obtaining all available patches, especially MS08-067, you could have been exposed to a Conficker attack and possibly been infected without knowing it yet (not likely - the Worm causes noticeable trouble on a PC). This is why I always make my first Internet connection after validation to Windows Update (repeatedly, until all patches have been installed)!

If you want to know if your Windows PC is infected, just try to go to Windows Update, either via the link in your Start Menu, or using the link in Internet Explorer, under Tools. If you can't open Windows Update at all, but can visit other non-security related websites (Yahoo, MSN, CNN, etc.), you just may be Confickered. To find out for sure you should run scans with any antivirus software you have installed. Try to update it first, before scanning. If you are already infected with Conficker.B or Conficker.C, you will not be able to update most antivirus definitions at all. This is caused by the Worm denying access to any website run by any major security vendor.

If this is the case for your PC(s), there is a downloadable Conficker Removal Tool available from BitDefender, which removes the Conficker A, B and C variants. The removal tool is available here. There is also an online scanner on the landing page, which you can run to see if you are indeed infected. If the BitDefender page is inaccessible, here is the URL for the online scanner: http://91.199.104.31
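The symptom check described above (Windows Update and security vendor sites blocked while ordinary sites still load) can be scripted. This is an added example, not code from the original post; the hostnames are assumptions chosen for illustration, and it uses DNS resolution as a stand-in for "can open the site". A suspicious result is a reason to scan, not proof of infection.

```python
import socket

# Hostnames are assumptions picked for this example: the post names Windows
# Update and security vendors as blocked, and Yahoo/MSN/CNN as working sites.
SECURITY_HOSTS = ["windowsupdate.microsoft.com", "www.bitdefender.com",
                  "www.trendmicro.com"]
CONTROL_HOSTS = ["www.yahoo.com", "www.msn.com", "www.cnn.com"]


def system_resolver(host):
    """Return True if the local resolver can resolve `host`."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def assess(resolver=system_resolver, security=SECURITY_HOSTS,
           control=CONTROL_HOSTS):
    """Compare reachability of security sites against ordinary sites."""
    ctl_ok = [h for h in control if resolver(h)]
    blocked = [h for h in security if not resolver(h)]
    if not ctl_ok:
        # Nothing resolves: an outage, not selective blocking.
        verdict = "inconclusive: no connectivity"
    elif len(blocked) == len(security):
        verdict = "suspicious: all security sites blocked"
    elif blocked:
        verdict = "partial: some security sites blocked"
    else:
        verdict = "clean: no selective blocking seen"
    return {"verdict": verdict, "blocked": blocked, "controls_ok": len(ctl_ok)}


if __name__ == "__main__":
    result = assess()
    print(result["verdict"])
    for host in result["blocked"]:
        print("  blocked:", host)
```

The `resolver` argument accepts any function that returns True or False for a hostname, so the logic can be exercised without a network connection.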

Note that licensed users of Trend Micro Internet Security products are already protected against the Conficker threats.

I will have more to tell you about this Worm after tomorrow comes and goes. We will see what we shall see!

About the author
Wiz Feinberg

Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.