A computer virus that has been spreading around the world for months is set to come alive tomorrow.
Experts have struggled to tackle it and they do not know who controls it or why it was created. But tomorrow the virus, dubbed Conficker, will “call home” to its creator to seek new instructions. No one knows what will happen next.
The Conficker virus started spreading late last year. At first it was a relatively simple worm, easily dispensed with. However, it has evolved into a more sophisticated and resilient virus that has found new ways to spread. It has also gained the ability to shut down a computer's defences.
It spreads by exploiting a weakness in Windows, the software that runs most computers. At its peak it had infected about 12 million computers, although that may have fallen to about two million with new security measures.
Once the worm is on a computer, that PC becomes part of a “botnet” – a network of computers that can be controlled by the virus's creator.
The Conficker Worm: April Fool's Joke or Unthinkable Disaster?
By John Markoff
The Conficker worm is scheduled to activate on April 1, and the unanswered question is: Will it prove to be the world's biggest April Fool's joke or is it the information age equivalent of Herman Kahn's legendary 1962 treatise about nuclear war, "Thinking About the Unthinkable"?
Conficker is a program that is spread by exploiting several weaknesses in Microsoft's Windows operating system. Various versions of the software have spread widely around the globe since October, mostly outside the United States because there are more computers overseas running unpatched, pirated Windows. (The program does not infect Macintosh or Linux-based computers.)
An estimated 12 million or more machines have been infected. However, many have also been disinfected, so a precise census is difficult to obtain.
It is possible to detect and remove Conficker using commercial antivirus tools offered by many companies. However, the most recent version of the program has a significantly improved capacity to remove commercial antivirus software and to turn off Microsoft's security update service. It can also block communications with Web services provided by security companies to update their products. It even systematically opens holes in firewalls in an effort to improve its communication with other infected computers.
Given the sophisticated nature of the worm, the question remains: What is the purpose of Conficker, which could possibly become the world's most powerful parallel computer on April 1? That is when the worm will generate 50,000 domain names and systematically try to communicate with each one. The authors then only need to register one of the domain names in order to take control of the millions of zombie computers that have been created.
Speculation about Conficker's purpose ranges from the benign — an April Fool's Day prank — to far darker notions. One likely possibility is that the program will be used in the "rent-a-computer-crook" business, something that has been tried previously by the computer underground. Just like Amazon.com offers computing time on its network for rent, the Conficker team might rent access to its "network" for nefarious purposes like spamming.
The most intriguing clue about the purpose of Conficker lies in the intricate design of the peer-to-peer logic of the latest version of the program, which security researchers are still trying to completely decode.
According to a research addendum to be added Thursday to a paper by researchers at SRI International, in the Conficker C version of the program, the infected computers can act both as clients and servers and share files in both directions. The peer-to-peer design is also highly distributed, making it more difficult for security teams to defeat the system by disabling so-called super-nodes.
Conficker's authors could be planning to create a scheme like Freenet, the peer-to-peer system that was intended to make Internet censorship of documents impossible.
Or perhaps the Conficker botnet's masters have something more Machiavellian in mind. One researcher, Stefan Savage, a computer scientist at the University of California at San Diego, has suggested the idea of a "Dark Google." What if Conficker is intended to give the computer underworld the ability to search for data on all the infected computers around the globe and then sell the answers? Malware already does this on a focused basis using a variety of schemes that are referred to as "spear phishing," in a reference to the widespread use of social engineering tricks on the Net.
But to do something like that on a huge scale? That would be a dragnet — and a genuine horror story.
|QUOTE (K Arthur90 @ Mar 31 2009, 08:42 PM)|
| Erm.... Mac don't get viruses often. But when they get..... You have to reformat your Mac :D|
You don't have to refrain from accessing the Internet the whole day...
1 - Update your Windows. It might have a Malware Removal Tool for ya. Also, Conficker exploits an old vulnerability, which Microsoft solved a year ago. So Conficker aims for out-of-date computers. If you kept your Windows up-to-date for the last year, there's nothing to worry about.
2 - Update your Antivirus. Conficker can be removed from a system. You just have to look for it. The three major antivirus companies (Norton, McAfee and AVG) have already released virus libraries against Conficker.
3 - If you still think you are vulnerable, set up your firewall to ask you about every single connection your PC makes with the Internet. This way you can decide if you allow your computer to connect or not. I suggest ZoneAlarm, since it's free, and it allows you to monitor each program individually.
Trust me: If you got everything updated, there's nothing to worry about.
1. Use USB Drives, or record CD's tomorrow
2. Format a HD or USB Drive tomorrow
3. Use an out-of-date computer to access internet.
|QUOTE (Donovan Kays @ Apr 1 2009, 04:07 PM)|
| my friend is screwed|