Go Back   Team-BHP > Around the Corner > Shifting gears > Gadgets, Computers & Software


Reply
 
Thread Tools Search this Thread
Old 31st March 2009, 17:44   #1
Senior - BHPian
 
kaushik_s's Avatar
 
Join Date: Sep 2006
Location: Bangalore
Posts: 1,061
Thanked: 147 Times
Default Conficker.C threat to cyber world? What is it?

Seems like this virus/worm is going to attack the computers and basically would reside inside the dll's and will send data to it's authors and also spread itself. And this is going to be activated on 1st of April. Initially when I heard about it I thought it to be another april fool prank. But after seeing a mail from our IT dept. and then when checked the net about it this looks to be a real threat. (check about the virus here - An Analysis of Conficker C)

What I understood from the readings is that this worm once attack a system will make the system as it's host. Then it'll disable all the security protocols( you can't even access any of the websites related to security) so that no anti-virus or patch can be downloaded or run. Then it'll make the system as a kind of server to spread itself again. Also it'll be downloading something which no-one yet knows what it is.
I guess many here would've better idea about this virus, so please share your thoughts. And the mods/admins, are TBHP servers are updated to thwart this threat? I hope they are.
kaushik_s is offline   Reply With Quote
Old 31st March 2009, 18:36   #2
Distinguished - BHPian
 
condor's Avatar
 
Join Date: Jun 2006
Location: Speed-brkr City
Posts: 10,312
Thanked: 3,656 Times
Default

A botnet Virus, also known as W32.Downadup.x (x = A / B / C). A virus that lot of organizations are trying to fight.

Apply MS08-067 Microsoft patch immediately. AND REBOOT YOUR SYSTEM.

More details here :
Conficker - April 1st Virus - April Fools Virus - W32.Downadup Worm | The Conficker C Worm
condor is online now   Reply With Quote
Old 31st March 2009, 19:48   #3
Senior - BHPian
 
kaushik_s's Avatar
 
Join Date: Sep 2006
Location: Bangalore
Posts: 1,061
Thanked: 147 Times
Default

Yeah, thanks Condor. And it seems like I missed another IT upgrade which tells us to check if that patch is applied or not .
How to check : check in your Add/remove program for "KB958644" in Windows XP -software upgrades. If not then get the patch from Microsoft site.
kaushik_s is offline   Reply With Quote
Old 31st March 2009, 22:43   #4
Senior - BHPian
 
black12rr's Avatar
 
Join Date: Dec 2005
Location: Ridin earth now
Posts: 1,258
Thanked: 271 Times
Default

Quote:
Originally Posted by kaushik_s View Post
Yeah, thanks Condor. And it seems like I missed another IT upgrade which tells us to check if that patch is applied or not .
How to check : check in your Add/remove program for "KB958644" in Windows XP -software upgrades. If not then get the patch from Microsoft site.

You will not be seeing any installed updates in add / remove programs , unless you CHECK the check box in this window ,which says "SHOW UPDATES " , then it will list the installed updates also .
black12rr is offline   Reply With Quote
Old 31st March 2009, 23:09   #5
Senior - BHPian
 
govigov's Avatar
 
Join Date: Oct 2007
Location: Cochin!!!!!
Posts: 1,271
Thanked: 382 Times
Default

got this via email.

What Will Conficker Bring on April 1 ? Posted on PCMag.com 03.26.09
The latest variant of the worm, Conficker.C, is programmed to do something on April 1. But what exactly will happen? The scary thing is, no one can say for sure.

The "A" and especially "B" variants of this worm (also known as Downadup) have built a botnet estimated at several million PCs, almost exclusively through exploitation of the MS08-067 vulnerability in Windows. Conficker added some innovative techniques to update itself though a large number of domains, the names of which were algorithmically generated by the program. Because the names were deterministic, it was possible for the DNS authorities (VeriSign, et al) to block the names. With few exceptions, the worm has been unable to spread since that point several weeks ago.

Then the C variant came along. It adds a number of defensive measures designed to protect itself from detection and removal and it ratchets up the number of domains it can check for updates. As this very large and thorough analysis of Conficker.C from SRI International says, "...Conficker C increases the number of daily domain names generated, from 250 to 50,000 potential Internet rendezvous points. Of these 50,000 domains, only 500 are queried, and unlike previous versions, they are queried only once per day." Thus "C" should generate less traffic than the earlier versions, especially in as much as it filters the IP addresses for these domains to make them work better and avoid detection.

Avoiding detection is a major theme with Conficker.C. It's not the first malware to try to defend itself in-memory against security software and diagnostic tools, but "C" does a lot of this. For instance, it disables Windows Automatic Updates and the Windows Security Center. Make sure that the update mechanisms for Windows and your anti-malware are actually occurring because Conficker can turn them off.

But the big news with "C" is that the code is scheduled to come alive on April 1 and start contacting the 50,000 domains and download something. What will they download? What will it make the bots do? Honestly, nobody knows. This is the great mystery.

It is possible for "C" to spread in part because there is a direct push mechanism in "B," allowing an outside system to contact it and provide a domain name from which it should download an update, presumably "C".

Conficker is really sophisticated as malware goes. It's clear that its authors are smart people and perhaps that's what's got security people worried. But the only rational way to approach this is to do the things you know you need to do anyway and then not get hung up on it. Remember, [COLOR=#c00000]there's a very good chance that on April 1 nothing much will happen.[/COLOR]

Last edited by govigov : 31st March 2009 at 23:11. Reason: removed HTML tags
govigov is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads
Thread Thread Starter Forum Replies Last Post
Here! I welcome myself to the cyber-world of BHPians INSAN_SSH Introduce yourself 1 22nd February 2016 11:50
Google a threat to Indian army (LOL) bigman Shifting gears 2 4th April 2006 16:53


All times are GMT +5.5. The time now is 17:45.

Copyright 2000 - 2017, Team-BHP.com
Proudly powered by E2E Networks