#1 |
Vexing computer worm to evolve on April Fool's Day

Mar 29 03:15 AM US/Eastern

A tenacious computer worm which has wriggled its way onto machines worldwide is set to evolve on April Fool's Day, becoming harder to exterminate but not expected to wreak havoc.

A task force assembled by Microsoft has been working to stamp out the worm, referred to as Conficker or DownAdUP, and the US software colossus has placed a bounty of 250,000 dollars on the heads of those responsible for the threat.

The worm is programmed to modify itself on Wednesday to become harder to stop, according to Trend Micro threat researcher Paul Ferguson, who is part of the Conficker task force.

"There is no evidence of it going into attack mode or dropping any particular payload on April 1st," Ferguson said in an interview.

"What people controlling the botnet are doing is building in survivability because of efforts by the good guys to lessen the harm of this thing."

The worm, a self-replicating program, takes advantage of networks or computers that haven't kept up to date with security patches for Windows RPC Server Service.

http://www.breitbart.com/article.php...show_article=1

Pricks.
#2 |
This virus spreads by infecting unpatched computers.

If you don't do so already, please run Windows Update and let it install all critical updates. Manually update your antivirus. More information and tips can be found here: http://windowssecrets.com/2009/03/30...before-April-1
#5 |
-----Original Message-----
From: CERT Advisory [mailto:cert-advisory@cert.org]
Sent: Sunday, March 29, 2009 8:37 PM
To: cert-advisory@cert.org
Subject: US-CERT Technical Cyber Security Alert TA09-088A -- Conficker Worm Targets Microsoft Windows Systems

National Cyber Alert System
Technical Cyber Security Alert TA09-088A

Conficker Worm Targets Microsoft Windows Systems

Original release date: March 29, 2009
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows

Overview

US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067.

I. Description

The presence of a Conficker infection may be detected if a user is unable to surf to the following websites:

* http://www.symantec.com/norton/theme...conficker_worm
* http://www.mcafee.com

If a user is unable to reach either of these websites, a Conficker infection may be indicated (the most current variant of Conficker interferes with queries for these sites, preventing a user from visiting them). If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in http://support.microsoft.com/kb/962007.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system.

III. Solution

US-CERT encourages users to prevent a Conficker infection by ensuring all systems have the MS08-067 patch (part of Security Update KB958644, which was published by Microsoft in October 2008), disabling AutoRun functionality (see http://www.us-cert.gov/cas/techalerts/TA09-020A.html), and maintaining up-to-date anti-virus software.

IV. References

* Virus alert about the Win32/Conficker.B worm -
* Microsoft Security Bulletin MS08-067 - Critical -
* Microsoft Windows Does Not Disable AutoRun Properly -
* MS08-067: Vulnerability in Server service could allow remote code execution -
* The Conficker Worm -
* W32/Conficker.worm -

The most recent version of this document can be found at:

Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA09-088A Feedback VU#827267" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit .

Produced 2009 by US-CERT, a government organization.

Terms of use:

Revision History

March 29, 2009: Initial release
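The checks the advisory names (the KB958644 update, AutoRun state, and the vendor-site symptom) can be gathered in one read-only pass. This is an added example, not part of the forwarded advisory or of any US-CERT or Microsoft tool; it approximates "unable to surf to" with a DNS lookup, and the control host `example.com` and the output field names are assumptions made for illustration.

```powershell
# Added example: read-only triage for the checks named in TA09-088A.
# Nothing here changes the system; it only reports what it finds.

function Test-Resolves([string]$HostName) {
    # True when the name resolves to at least one address.
    try { return ([System.Net.Dns]::GetHostAddresses($HostName).Count -gt 0) }
    catch { return $false }
}

# 1. MS08-067 fix (KB958644). Get-HotFix lists individually installed updates
#    only, so a miss on a later service pack or OS release that already
#    contains the fix is not proof of exposure.
$patch = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue

# 2. AutoRun state: the NoDriveTypeAutoRun policy (0xFF = all drive types)
#    and the Autorun.inf IniFileMapping override.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$nda = (Get-ItemProperty -Path $polKey -Name NoDriveTypeAutoRun `
        -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
$iniKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$ini = (Get-ItemProperty -Path $iniKey -ErrorAction SilentlyContinue).'(default)'

# 3. Symptom from section I: the vendor sites fail while other names work.
#    The control lookup separates that from an ordinary network outage.
$controlHost = 'example.com'                       # assumption: neutral control
$vendorHosts = 'www.symantec.com', 'www.mcafee.com'
$controlOk   = Test-Resolves $controlHost
$failed      = @($vendorHosts | Where-Object { -not (Test-Resolves $_) })

[pscustomobject]@{
    KB958644Listed        = [bool]$patch
    NoDriveTypeAutoRun    = if ($null -ne $nda) { '0x{0:X2}' -f $nda } else { 'not set' }
    AutoRunPolicyAllOff   = ($nda -eq 0xFF)
    AutorunInfOverride    = ($ini -eq '@SYS:DoesNotExist')
    VendorHostsUnresolved = ($failed -join ', ')
    ConfickerSymptom      = ($controlOk -and $failed.Count -gt 0)
}
```

A `ConfickerSymptom` of `True` is a reason to pull the machine off the network and run one of the vendor removal tools the advisory mentions, not a confirmed diagnosis; proxies and DNS filtering can produce the same result.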
#6 |
I personally believe it's all hype... Conficker has already been through a couple of trigger dates and they were all a non-event. Not to say that computers don't need to be up-to-date. All machines need to be running an up-to-date OS, be it OS X, Windows, Linux, Solaris, *BSD, etc...