Conflicker? It made 60 mins & NYT as a threat to be unleashed today and I have heard nada.

The giant virus that would turn millions of computers into slaves and drain bank accounts, etc.

Anyone? Any updates?

Did anyone besides moi upgrade their anti-virus/security programs to the best money can buy?

Zone Alarm sent me the Fear email, I ignored it, made sure everything was up to date, ran spybot search and destroy, and took IE off the computers my kids use.

http://www.chron.com/disp/story.mpl/headline/biz/6354562.html

Conficker turns out to be ‘dud’
By DWIGHT SILVERMAN HOUSTON CHRONICLE
April 1, 2009, 8:31PM


Despite some predictions of an Internet meltdown and digital apocalypse, the Conficker computer worm failed to wreak havoc on Wednesday, with at least one security expert labeling it “a dud.”

The worm, also known as Downadup, was expected to change how it checked in with its creators, increasing the number of random Internet domains with which it communicates. Security researchers worried there would be new instructions waiting for the worm when it made this change on Wednesday, which was also April Fools’ Day.

But apparently, no one answered when Conficker phoned home.

“As predicted, Conficker has been a dud so far,” said security researcher Johannes Ullrich in a podcast posted at the SANS Internet Storm Center (http://isc.sans.org), which tracks online threats. “We are now well beyond midnight Greenwich GMT, and no evidence of any ill effects so far.”

Most security experts had expected a non-event. But the fact that no one knew what instructions might be awaiting Conficker gave rise to speculative doomsday scenarios that rivaled those associated with the Y2K bug at the turn of the century.

Conficker is a worm that affects a flaw in Windows-based PCs. Microsoft issued an emergency patch in October for the flaw, and those users who installed the patch don’t have much to worry about. By default, Windows updates such patches automatically, but some people and businesses turn off auto-updating and are vulnerable.

Conficker infections are prevalent in Asia, where many copies of Windows are pirated and never updated. But large businesses and organizations that are slow to issue patches may also be vulnerable.

“The only people that have networks and who also don’t patch are government, corporates and education users,” Roger Thompson, chief research officer at antivirus software developer AVG, wrote on his blog at http://thompson.blog.avg.com. “Fortunately, they’re also the folk that have staff with expertise that they can call on to fight back. The worm probably grabbed millions of users right out of the box in December 2008, but any gov/ corp/ edu user who is still infected after five months, deserves it.”

I'd like to note that the "expert" that was on 60 Minutes going full bore in cooperation with the host to make this story seem like the coming of the apocalypse was from Symantec, owners of Norton. As I've said a few hundred times before, Symantec runs a legalized protection racket. They have an interest in spreading FOAD. I was appalled at the way this story was handled by the 60 Minutes team when, as this article points out, "most security experts had expected a non-event." That part of the story wasn't as good for ratings nor for Symantec's profits. (Google "downadup" and check out the first hit.)

That said, the threat posed by the worm is real or could be. It's an extremely sophisticated bit of code that does some remarkable things. And, we're still not sure all that it is capable of doing. To have ignored it would have been dangerous and unprofessional, but the point of that is as Roger Thompson stated. People should have dealt with this months ago, and, for the most part, that seems to be what has happened.

The immediate future worry is for a worm of this level of sophistication or greater getting out into the wild before it is well known, or the mutation aspects of downadup as a class being implemented in some way that we're not aware of prior to these mutations becoming nearly undetectable.

The story here was real and important, but the editorializing on the part of some media outlets with the assistance and advertising front of certain so-called security firms made it come across like a chicken little story. The problem there is that the next time the sky may really be falling, but people will have been lulled into a sense of false security and fail utterly to heed warnings and perform necessary security checks.

I got the October patch in October when it came out (I do automatic updates, and I checked when I got the patch), but I STILL got the virus in January. There are a few varients of the virus and the October patch DOESN'T WORK for subsequent varients. I'm sick of so called experts claiming that having the October patch kept you from getting the virus when it clearly didn't... it was in January and February that most people got his evil thing whether they had the October patch or not. And there still not being a patch that deals with the subsequent varients means whether you have the October patch or not you're still vulnerable unless you have virus protection that DOES work for the subsequent varients. I use AVG, update every day, and when I got the virus AVG had no update that dealt with the subsequent varients and neither did most of the other more well known virus protection programs. THAT'S why most people got the virus in January and February... the October patch didn't work for the subsequent varients.

However, the Microsoft patch fixes the network exploit used by the worm. Conficker also uses USB sticks/drives to spread, placing AUTORUN.INF files and a copy of itself on them so they get launched automatically when you insert the stick/drive into your PC. I think that's how you got infected.

That's how the worm ended up even on nuclear submarines. Even the ICC was infected with an AUTORUN.INF based worm some time ago.

So that theory doesn't work.

receive a NEW set of instructions.

That's it.

What those instructions are is anyone's guess.


People with computers that have active virus scanners and Windows Automatic Updates do this already, with regular automatic updates.

That's all that happened with Conficker today. It received an "update".

However, people always think the worst and made today out to be some sort of cyber-armageddon.

it wouldn't have anyone to talk to electronically. There's a whole lot I don't get though. :)

It seems the infected computers gather information on the user's activity and send it somewhere in the world.

Data such as usernames, passwords, online bank/PayPal accounts, credit card numbers, browser history, files on the system, etc. are collected.

In addition the worm seems to have some VNC/RemoteDesktop capability, allowing a remote computer to see exactly what the infected computer is doing, as if the hacker was sitting right there.

Wasn't it supposed to bring civilization to it's knees?

I forgot to follow up on that.

.
.
.

April Fools!

fools . .

SkyNet's gone all aggro....

good one. You get the prize for best joke.

No serious AV expert expected something big on April 1st. Besides, the Conficker Working Group put some serious effort in disrupting the worm's update sites.

Besides, the real problems are the "silent" pieces of malware: Vundo, Zbot, FakeAV, FakeAlert/Renos, DnsChanger/TDSS, SilentBanker, Buzus, Bifrose, Zhelatin/Waledac, ...
Malware writers make much much much more money than the AV companies these days. :-( Just an example:

http://voices.washingtonpost.com/securityfix/2009/03/obscene_profits_fuel_rogue_ant.html

I got nothing...

Smoke and mirrors.