Conficker wakes up, updates via P2P, drops payload


posted on Apr, 9 2009 @ 01:15 PM


www.cnn.com

The Conficker worm is finally doing something--updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday.

Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.

The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.

The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.

(visit the link for the full news article)
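
The connectivity check described in the quoted article can be turned into a rough network-side heuristic. The following is an added example, not part of the original thread or the article: it flags clients that resolve all five named sites within a short window. The log format, sample lines and function names are constructed for illustration, and because these are popular sites a hit is only a lead to investigate.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Domains the article says the worm contacts to test connectivity.
PROBE_DOMAINS = ("myspace.com", "msn.com", "ebay.com", "cnn.com", "aol.com")

# Constructed sample resolver log: "<ISO timestamp> <client IP> <queried name>".
SAMPLE_LOG = """\
2009-04-09T10:00:01 10.0.0.5 www.myspace.com.
2009-04-09T10:00:02 10.0.0.5 MSN.com
2009-04-09T10:00:02 10.0.0.5 www.ebay.com
2009-04-09T10:00:03 10.0.0.5 cnn.com
2009-04-09T10:00:04 10.0.0.5 www.aol.com
2009-04-09T10:00:06 10.0.0.5 notmsn.com
2009-04-09T10:00:05 10.0.0.7 www.cnn.com
2009-04-09T09:00:00 10.0.0.9 myspace.com
2009-04-09T09:30:00 10.0.0.9 msn.com
2009-04-09T10:00:00 10.0.0.9 ebay.com
2009-04-09T10:30:00 10.0.0.9 cnn.com
2009-04-09T11:00:00 10.0.0.9 aol.com
"""

def probe_domain(qname):
    """Map a queried name to the probe domain it belongs to, or None."""
    name = qname.lower().rstrip(".")
    for domain in PROBE_DOMAINS:
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def hosts_probing_all(log_text, window_seconds=60):
    """Return clients that queried every probe domain within one window."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)  # client IP -> [(time, probe domain)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not have the three expected fields
        when = datetime.fromisoformat(parts[0])
        domain = probe_domain(parts[2])
        if domain:
            events[parts[1]].append((when, domain))
    flagged = []
    for client, seen in events.items():
        seen.sort()
        # Slide a window from each event and collect the distinct probe domains in it.
        if any(len({d for t, d in seen[i:] if t - seen[i][0] <= window})
               == len(PROBE_DOMAINS) for i in range(len(seen))):
            flagged.append(client)
    return sorted(flagged)
```
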



posted on Apr, 9 2009 @ 01:15 PM
I would keep a close watch on all your computers, as this nasty worm now seems to be doing something. If you find your computers do have the dreaded Conficker, then there are fixes. CNET has a step-by-step guide to fix computers which are Conficker'd: download.cnet.com...

In my case, I find it's easier and more assuring to just back up the docs I need to keep, then reformat. I scan the backed-up docs before moving them back onto my new clean computer.




posted on Apr, 9 2009 @ 03:02 PM
Really, no replies.

I'm just glad I don't have it, though 99.99% of everyone I know says it doesn't exist and was a joke played on people April 1st. My sister even took down her virus protection software to prove it was fake, although she had no proof, and I've lost a lot of respect for her!

It's obviously real, someone spent a lot of time on it, and it's hard to believe it's harmless.

Why is it going to just shut down though? Interesting.



posted on Apr, 9 2009 @ 03:13 PM
I don't know what it was, but after restarting my machine for Windows Updates last Thursday I was swamped with ridiculous malware. No programs ran in regular mode. Some ran in Safe Mode. No malware scans would install and my currently installed stuff would scan like a dozen files and claim it was done and I was clear.

Eventually I got a combination of things to run and I had Cryptor and something in the rootkit like UACD.sys that was loading as a device driver and shutting me down. There was a fake iexplore.exe in my running processes.

It was a mess.

Running Avenger and then running Avast from a thumb drive got me back on my feet though.

I was sad to learn all of that had nothing to do with Conficker. I was hoping to experience a part of annoying hyped-up tech history.



posted on Apr, 9 2009 @ 03:49 PM
For the last week or so my computer is installing automatic updates from Microsoft Internet Explorer and then crashes, and when I restart my PC I have no internet settings or no access to my documents!

My antivirus cannot detect anything and the only way around it is to do a system restore! And for some reason I cannot turn off automatic updates now!


Anybody have any advice for me? Please.....



posted on Apr, 9 2009 @ 04:06 PM
Something on my computer tries to send an outgoing message on Windows Messenger.

I don't use and never have used Windows Messenger, so this is strange.

My firewall (custom build) alerts me when any mail is sent so I can clear it, and caught this one.

Whatever it is, I cannot open it or find out where it was going.

I also have a good antivirus (AVG) and anti-malware (Malwarebytes) that have found nothing.

So at this time I am trying to find out what IS using Windows Messenger.



posted on Apr, 9 2009 @ 04:19 PM
Symantec couldn't get the worm to work the first time, so they gave it a little update so people will buy their crap security. What a sham; these people are criminals.



posted on Apr, 9 2009 @ 04:20 PM
My daughter had several similar problems to what's been stated above.

AVG updated normally but whenever she tried to run a scan the computer turned off completely. We also tried online scanners and they also resulted in the computer turning off.

Yesterday I installed Avira (free) antivirus and it picked up 6 trojans! Now all the online scanners work fine too and the computer is no longer shutting down.

None of them were Conficker, but I'm wondering whether it exists or not, because surely, if it's such a huge thing and these other 6 managed to get on my daughter's PC, then how come Conficker didn't?



posted on Apr, 9 2009 @ 04:21 PM
reply to post by ANNED
 

Sounds like your Messenger service is running (part of Windows for network environments). If your firewall doesn't block the Messenger port and the service is enabled, you will get pop-ups. It was disabled by default with Service Pack 2. If you haven't enabled it yourself and it's running, then you should be concerned that something re-enabled it. (Right-click on "My Computer" and select "Manage", go to the bottom to Services and find Messenger. Make sure it is set to Disabled.)

You can run Stinger for a start, which will get rid of Conficker plus a few other common infections.
Stinger From McAfee



posted on Apr, 9 2009 @ 05:02 PM
This is complete and utter rubbish!

From a BBC news article:

news.bbc.co.uk...


The Conficker worm has started to update infected machines with a mystery package of data.

The strong encryption on the payload has, so far, prevented detailed analysis of what it actually does. However, security experts speculate that it is a "rootkit" that will bury itself deep in Windows in order to steal saleable data such as bank website login details.


The frikkin' virus contains the decryption keys!!!! I suggest that they don't want to know what it does, or they do know but won't say and instead are scaring people into buying their software.

As a security analyst, this BS hacks me right off!!


Get the key out the virus and decrypt its contents!! I suggest you avoid the Big AV companies. I wouldn't trust them at all.

[edit on 9-4-2009 by mirageofdeceit]



posted on Apr, 9 2009 @ 05:09 PM
reply to post by mirageofdeceit
 


Yeah, big-time stunt here, for morons to go out and buy AV software. Conficker, the stimulus for AV corps. Would not be surprised if they made the damn virus.


[edit on 9-4-2009 by Adrifter]



posted on Apr, 9 2009 @ 05:25 PM
So how would one know if they have Conficker (without resorting to corrupt software such as Norton and McAfee)?

Does it really even exist? I've not looked into it much but there doesn't appear to be any evidence for it whatsoever...



posted on Apr, 9 2009 @ 05:40 PM
There is free software to remove just Conficker from your computer.

www.bdtools.net...
www.system-protector.com...

I haven't used any AV program for years =P I don't download or visit any suspicious website/program, and I use a "good" firewall to protect my computer.

Good firewall is a joke because I just use the Sygate Personal Firewall as my defense firewall.



posted on Apr, 9 2009 @ 05:42 PM
Your best option is to use a hardware firewall and block any ports you don't use.

Personal firewalls are OK but they are software based and ultimately run on an insecure operating system. If you really wanted you could get past these.



posted on Apr, 10 2009 @ 09:52 PM
CNET's Suggested Online Conficker Test


Researchers have discovered another feature of the Conficker worm that provides an additional clue about the intent of the creators--the worm installs malware that masquerades as antivirus software, Trend Micro said on Friday.

To check if your computer is infected you can use this Conficker Eye Chart or this site at the University of Bonn. There is also a Conficker removal guide on CNET's Download.com site.


The 2 links they suggest to test whether your PC is Conficker'd are:
Conficker Eye Chart
and
This site at the University of Bonn

Hope this helps. My PCs do not appear to be Conficker'd!



posted on Apr, 10 2009 @ 10:15 PM

Originally posted by thisguyrighthere
I don't know what it was, but after restarting my machine for Windows Updates last Thursday I was swamped with ridiculous malware. No programs ran in regular mode. Some ran in Safe Mode. No malware scans would install and my currently installed stuff would scan like a dozen files and claim it was done and I was clear.

Eventually I got a combination of things to run and I had Cryptor and something in the rootkit like UACD.sys that was loading as a device driver and shutting me down. There was a fake iexplore.exe in my running processes.

It was a mess.

Running Avenger and then running Avast from a thumb drive got me back on my feet though.

I was sad to learn all of that had nothing to do with Conficker. I was hoping to experience a part of annoying hyped-up tech history.


Avast! is awesome. I had Norton for a YEAR and used to do regular scans once every two weeks. It never detected anything, so I thought I was clear. Well, I got sick of paying and I recently switched to Avast. I did a full scan and it detected 3 viruses! Here I was paying for Norton all along, and Avast! Home, which is free, detected viruses I thought I never had.







 