what's the deal with this april fool's virus

[EricB]

I seen this on this news. I also know that they have hoaxes around this time too. if it's true how should we protected ourselves?

CNN -- A computer-science detective story is playing out on the Internet as security experts try to hunt down a worm called Conficker C and prevent it from damaging millions of computers on April Fool's Day.


This piece of computer code tells the worm to activate on April 1, 2009, researchers at CA found.

The anti-worm researchers have banded together in a group they call the Conficker Cabal. Members are searching for the malicious software program's author and for ways to do damage control if he or she can't be stopped.

They're motivated in part by a $250,000 bounty from Microsoft and also by what seems to be a sort of **** Tracy ethic.

"We love catching bad guys," said Alvin Estevez, CEO of Enigma Software Group, which is one of many companies trying to crack Conficker. "We're like former hackers who like to catch other hackers. To us, we get almost a feather in our cap to be able to knock out that worm. We slap each other five when we're killing those infections."

The malicious program already is thought to have infected between 5 million and 10 million computers.

Those infections haven't spawned many symptoms, but on April 1 a master computer is scheduled to gain control of these zombie machines, said Don DeBolt, director of threat research for CA, a New York-based IT and software company.

What happens on April Fool's Day is anyone's guess.

Don't Miss
$250K Microsoft bounty to catch worm creator
Downadup virus exposes millions of PCs to hijack
The program could delete all of the files on a person's computer, use zombie PCs -- those controlled by a master -- to overwhelm and shut down Web sites or monitor a person's keyboard strokes to collect private information like passwords or bank account information, experts said.

More likely, though, said DeBolt, the virus may try to get computer users to buy fake software or spend money on other phony products.

Experts said computer hackers largely have moved away from showboating and causing random trouble. They now usually try to make money off their viral programs.

DeBolt said Conficker C imbeds itself deep in the computer where it is difficult to track. The program, for instance, stops Windows from conducting automatic updates that could prevent the malware from causing damage.

The program's code is also written to evolve over time and its author appears to be making updates to thwart some of the Conficker Cabal's attempts to neuter the worm.

"It is very much a cat and mouse game," DeBolt said.

It's unclear who wrote the program, but members of the Cabal are looking for clues.

First, they know that some recent malware programs have come from Eastern European countries outside the jurisdiction of the European Union, said Patrick Morganelli, senior vice president of technology for Enigma Software.

Worm program authors often hide in those countries to stay out of sight from law enforcement, he said.

In a way, the Conficker Cabal is also looking for the program author's fingerprints. DeBolt said security researchers are looking through old malware programs to see if their programming styles are similar to that of Conficker C.

The prospects for catching the program's author are not good, Morganelli said.

"Unless they open their mouth, they'll never be found," he said.

So, the most effective counter-assault simply may be damage control.

One quick way to see if your computer has been infected is to see if you have gotten automatic updates from Windows in March. If so, your computer likely is fine, DeBolt said.

Microsoft released a statement saying the company "is actively working with the industry to mitigate the spread of the worm."

Users who haven't gotten the latest Windows updates should go to Windows Live OneCare if they fear they're infected, the company's statement says.

DeBolt said people who use other antivirus software should check to make sure they've received the latest updates, which also could have been disabled by Conficker C.

The first version of Conficker -- strain A -- was released in late 2008.

That version used 250 Web addresses -- generated daily by the system -- as the means of communication between the master computer and its zombies.

The end goal of the first line was to sell computer users fake antivirus software, said Morganelli.

Computer security experts largely patched that problem by working with the Internet Corporation for Assigned Names and Numbers to disable or buy the problematic URLs, he said.

That process-of-elimination approach isn't likely to be effective with Conficker strain C, Morganelli said. The new version will generate 50,000 URLs per day instead of just 250 when it becomes active, DeBolt said.

The first iteration of Conficker is thought to have grown out of a free function for security programs created by Dr. Ronald Rivest, a computer science professor at the Massachusetts Institute of Technology.

"Any technology can be used for good or evil, and this is just an example of that," Rivest said.

Many viruses have taken pieces of benevolent programs and used them for ill. But overall the "open source" environment online promotes computer security far more than it enables hackers, DeBolt said.

"I don't blame the open-source community at all" for virus attacks, he said.

CA said it recently found a piece of code in Conficker C that says the worm will become active on April 1. Previous versions of the malicious software launched on specific dates noted in the program code, so the April Fool's Day launch date is not likely to be a trick, DeBolt said.

"The best minds in the industry are working on this to protect customers," he said. "We're trying to reduce the impact of the April 1 date as best we can. But we know ... this malware will continue to evolve."

 

[Yami]

Yes that's obviously an April Fool's joke

 

[KSoD]

Yes that's obviously an April Fool's joke

Are you so sure? I remember many years back GMail was a April Fools joke. Now it is one of the biggest known EMail services out there.

Dont be so quick to throw caution to the wind. As if any part of this is true, a new age of infections has begun. As there is no way to stop it. Not yet at least.

 

[C0RR0SIVE]

If this happens, I can only hope for something incredibly funny....

 

[dhgunit]

Yes that's obviously an April Fool's joke

Aren't April Fool's jokes supposed to be funny and light-hearted? There is nothing funny about this worm. This could be a really bad one. REALLY BAD.

 

[Osiris]

http://www.techist.com/forums/f51/containing-conficker-203975/#post1622282

http://www.techist.com/forums/f51/busted-conficker-s-tell-tale-heart-uncovered-203968/

 

[Lexluethar]

On 60 minutes they had a rep from Symantec talking about this worm. It is definately for real, they say the easiest way to detect is to see if Windows Automatic update is turned off. If it is that should be your first warning. Then try to turn it on, if you can't that should be the tell-tail sign you have the worm. Finally try to manually update the windows machine - if you can't then you are infected and should take steps in removing the worm.

The problem is they don't know what it does. All they know is that it is 'set' to receive instructions on April 1st. So it sits there and replicates itself into other systems on a network - but it doesn't do anything. All they know is it is programmed to receive / look for instructions on April 1st.

I don't know if Windows has come out with a patch which is why the worm disables windows update or if it is just a byproduct of having the worm. Either way they say that is the main sign to tell if you have the worm.

 

[C0RR0SIVE]

Even with all this talk, i find something rather funny, I am registered with norton/mcafee, and some other various AV companys that supposedly send out alerts when something gets bad, well today, i finaly got an alert from proland... Still nothing from the others...


BTW Mcafee has released a version of stinger that supposedly detects all current variants of stinger.

McAfee Threat Center

 

[Yami]

Are you so sure? I remember many years back GMail was a April Fools joke. Now it is one of the biggest known EMail services out there..

Ah, you have me there I guess

 

[KSoD]

Every Year Google seems to have a April Fools joke. Every time it seems to come true.

GMail
Browser (Chrome is out now)
GDrive (There is a extension for Windows that can allow you to upload to your GMail)

That is just 3 instances. There was also the gOS, which is now in place on the TMobile phones. So yeah, just because it comes out on April 1st doesnt make it a joke. Almost everyone that Google has had has come true in a way, shape or form.