Conficker virus begins to attack PCs: experts


posted on Apr, 27 2009 @ 01:43 AM
I can see why "Automatic Updates", and "Security Centre" background services are started up by default on Windows XP machines. A huge portion of users don't run Windows update, and while I'm not defending Microsoft for its inherent security issues - simply using Windows update will prevent Conficker from infecting your machine. As for Conficker itself - it's just a worm and honestly it's not even that bad as it's too easy to counter. I wonder how much money the creators have received though...

"Not so, it has successfully injected itself onto all known networks, however, this might be either through your mem chipset which after each restart it zeros itself out, but then it can feed itself information stating that it's no longer able to scan so then the person/s re-visits your system, this obviously can be an automated process at any random time/day/date"

LOL! Wikipedia has a nice page on Conficker and should give you something more accurate.

EDIT: Update Windows BEFORE you get infected - just to be clear.

[edit on 27/4/2009 by C0bzz]

posted on Apr, 27 2009 @ 02:07 AM
I know it's "conficker" and not "coRnFLICKER" but the second way was the way I originally read it when I first heard of it. The paranoid in me instantly started thinking about mass fires sweeping across the midwestern grain basket, the national harvest vanishing in an unstoppable maelstrom of FLICKERING flames, devouring the CORN that feeds the nation and the world. Now THAT, ladies and gents, would be high terror for you. Global famine caused by mass fires in the world's breadbasket and corncrib, unstoppable and raging out of control in one of the driest years on record.

[edit on 4/27/09 by silent thunder]

posted on Apr, 27 2009 @ 03:38 AM

Originally posted by makeitso
reply to post by Alexander the Great

It attempts to stop your current anti-virus software, and Micro$oft updates. It also attempts to block you from accessing anti-virus and Micro$oft update sites.

[edit on 4/26/09 by makeitso]

LMFAO,,,,If this is correct, then I have been Conflicted

Sorry man, I'm not laughing at you, I'm laughing at myself because I have this tendency of killing computers

It also explains why I can't re-format (something about not being able to access the administration account) it doesn't matter anyway I've already got my new hard drive, all I need now is the OS....

posted on Apr, 27 2009 @ 04:42 AM
reply to post by tristar

I used to be infected with Conficker and this worm would frequently trip my firewall and prompt me with attempts to connect to unknown servers, naturally, I would choose the 'block' option.

The link is crediting the worm makers to be 'very professionals'. I'd love to say quite the opposite to whoever created Windows OS!!


posted on Apr, 27 2009 @ 07:03 AM
reply to post by TheAssociate

Yeah I heard about that update but they were open about the error and quick to rectify it. I will look at the links you gave and see how it stacks up, thanks. I use Spybot S&D for malware but again thanks for the alternative.

Originally posted by radioactive_liquid
Luckily I've been using Linux for the last 9-10 years and never had one single type of virus or any other malware. It's pretty surprising to me that big companies won't even begin to think about using Linux or OpenBSD, which is the most secure OS in the world.

It's true Linux is more secure at the moment but not 100% secure and as someone else has already said on this thread it's more the user who lets the virus/worm onto the system usually through some form of social engineering.

My counterpoint with Linux revolves around the fact it doesn't have anywhere near the desktop penetration of Windows so virus writers are of course going to focus on Windows for more effective results. If Linux ever starts getting rates of 20-25% on the desktop market you can guarantee people are going to find exploits within the system. I do wonder how quick the various Linux distros will release updates when a big virus bites those OS's.

As to why companies don't use open source, well I believe it's M$ scaremongering saying "Oh you won't get the support we can offer for Windows products if something goes terribly wrong" - This may be true in some cases but a state of fear scenario is never a good thing.

posted on Apr, 27 2009 @ 07:27 AM

Originally posted by 308
reply to post by TheAssociate

Yeah I heard about that update but they were open about the error and quick to rectify it. I will look at the links you gave and see how it stacks up, thanks. I use Spybot S&D for malware but again thanks for the alternative.

Spybot S&D is a good one, but like everything else, each has its strengths and weaknesses. Spybot doesn't find some of the more popular malware out there for some reason. In fact, none of them seem to find ALL of it, in which case running multiple security applications is highly recommended. After all of my research (which is a LOT) I've concluded the 5 best security utilities to run on any computer are:

1. A well known Anti-Virus such as McAfee or Norton's.
(Norton is a system resource hog and McAfee seems a bit more reliable. If you can't afford to pay for one, AVG and Avira are the best alternatives imho.)

2. Malwarebytes' Anti-Malware
(I absolutely love this software. It's amazing. Don't leave a computer without it.)

3. Ad-Aware
(Yep, good ol' Ad-Aware is still around and kickin, and it's stronger than it's ever been before. It still finds things that none of the others can.)

4. Windows Defender
(It's made by Microsoft and it knows what to look for. Fan of MS or not, you can't go wrong with this little toy. Must have a valid version of windows to install it.)

5. Spybot: Search & Destroy
(This used to be one of the top two when it came to spyware removal, if not the best. Now I think other programs are better and updated more frequently. Regardless, every great once in a while, this little application will find something that none of the others were able to pick up on, so I've always kept it in my arsenal.)

Hope that helped.


- Strype

posted on Apr, 27 2009 @ 08:32 AM
reply to post by Strype

Actually, AntiVir scored the highest in certified tests (free AV software).

By the way, the best free anti-malware product - hands down - is Superantispyware. It sounds cheesy but it's the best.

The Final Scores

If we left spyware/adware removal out of the mix and focused only on the scanner's ability to detect traditional virus threats, out of a possible 125.6 points, AntiVir PersonalEdition Classic scored 94, AVAST 4 Home Edition scored 89, and AVG Free Edition scored 66. However, when we included adware/spyware removal in the judging, the results were dismal, with AVAST scoring highest at 66 points, AntiVir following at 58, and AVG with only 30. Of course, these particular antivirus scanners don't claim to have adware and spyware removal capabilities, so it would be unfair to judge them harshly if they do not. Still, if you are looking for a standalone antivirus scanner that can also offer spyware or adware protection, you'll have to shell out a few dollars to get it.

[edit on 27-4-2009 by venividivici]

posted on Apr, 27 2009 @ 08:43 AM
Why don't people just swap over to a real operating system? One that doesn't integrate and incorporate active scripting into every aspect of the Desktop. Windows Sucks!

posted on Apr, 27 2009 @ 08:45 AM
Conficker is the biggest false alarm since Y2K bug. There is no proof it is doing anything just some guys saying how "dangerous" it is and how we are all "at risk." I guess we'll just have to pass some laws to restrict and monitor internet access, then, if we can't beat this simple worm.

posted on Apr, 27 2009 @ 09:06 AM

Originally posted by Lhuhikwdwoo
It does whatever the people who released it, want it to do. With any luck, that "lets refer to a thousand websites" portion was considered as a means to wrestle for control with who started off calling the shots on what conficker does.

For those who feel that because they keep their computers either updated or wiped/reloaded on a regular basis they are safe, there are enough who don't to ensure the worm's controllers can create havoc with routers and servers, causing a freeze to the internet at the very least.

More specific damage can result by screwing with specific services that individuals, companies, and governments have come to rely upon such as money transfer systems, internet based GPS, etc.

Ah man... that's totally going to screw with my Eve time... :O damnit!

posted on Apr, 27 2009 @ 09:08 AM

Originally posted by tristar

Originally posted by ModernAcademia
I told everyone, even here on ATS
The worst thing that the virus can do is nothing


Would like to inform you that, either you have no idea what this is about or you're giving out the wrong information here. Either way in both cases, you're wrong.

I think you've misunderstood him though dude, a virus that does nothing is a virus you never know you have. So in other words, there are no symptoms that can be picked up. I think this is what ModernAcademia is saying.

posted on Apr, 27 2009 @ 04:58 PM
reply to post by mortalengine

Yes, I see your point, my mistake in reference to my reply in the above post.

Just a quick heads up for whoever might be interested, there is a nifty little piece of software in there for you to scan your network if you feel you would like to see if anyone has been infected, that is unless you have some IT security within your company. Also the recent gmail exploit account worm.

PS. The vid file I have previously mentioned is in .arf format, I'm just trying to find a friend who can help me change the format to .swf



posted on Apr, 28 2009 @ 11:20 AM

Originally posted by tristar

PS. The vid file I have previously mentioned is in .arf format, I'm just trying to find a friend who can help me change the format to .swf

I've never heard of arf video format, neither have a lot of file extension sites I've just looked at ...

Is there any word on your contact converting to Flash video and also could you reply to my post on page 4, I'd really like clarification, thanks.

[edit on 28/4/2009 by 308]

posted on Apr, 28 2009 @ 05:35 PM
reply to post by 308

Hi 308, thanks for the find, like I have said I'm not that fluent in vid formats, but your link did help me find the necessary player. here is the link,

I'm running win on the laptop so not sure what system you are running. I'll upload it to rapid share and repost with the link. The file itself is only 37 mb so it's not that big.

[edit on 28-4-2009 by tristar]

posted on Apr, 29 2009 @ 12:18 AM

Originally posted by tristar
reply to post by Kandinsky

Well said Sir/Madam,

The only issue I find is that many many networks have no serious or very limited knowledge. Keep in mind you only need one access point. Then it does spread to whichever terminal you would like with ease. Now if that employee takes his work home on a portable digital unit, then his computer is also affected along with whoever else he will be interacting with.
As I posted earlier it's an ingenious piece of art, but it's just as dangerous.

I think you are blowing the situation out of proportion here.

I am the IT manager (well, chief technology officer in that I am the one who decides what technologies and platforms to employ in our operations) of an ISP that deals with high speed connections for corporations and large businesses.

First off any and all traffic routed through our data center goes through a hardened firewall (powered by Linux, Ubuntu Server more specifically). I know what packet is being sent where, I know what IP's any machine on our network (both internal to my operations as well as clients) are listening on, I also know the origin and destination of all traffic.

Now Conficker is not getting into my network through my gateways.

Second scenario, it's brought in via flash drive or laptop, or even a secondary ISP (most large corporations, banks and hospitals have back up connections)... well my organization provides high speed connections for companies to connect various branches, offices, etc (in fact, this is the bulk of our business). So in a sense, I also monitor the internal networks of our clients. This infrastructure is monitored via SNMP (simple network management protocol). All traps are sent to another Linux server running Zenoss. Zenoss provides various data such as the process running on servers, data traffic, uptime, graphical representation of various subnets, trace routes in conjunction with Google Earth, all kinds of stuff.

Anyways, even if Conficker was not passing traffic through one of our gateways, I would know. Its processes would be detected, its traffic would be sniffed and all kinds of alarms would be going off. With the click of a button the affected subnet(s) would be disconnected from the WAN, the system administrator for that place of business would then be notified and for a fee, we would work with them in correcting the issue.

I know a lot of that is rather vague, for two reasons - 1, I wanted to keep it as layman as possible for other readers, and 2, I don't want to give out too much info regarding our security protocols.

This isn't like a movie, the websites are not moving around in cyberspace, untrackable - the URL's are just changing. Think of it as changing your address, but staying in your home. The server(s) remain the same; they are hosted by the same company and they are in the same country.

Of course, no one in my office (or any of our clients for that matter) are able to send or receive information to the Ukraine (among other countries). So I guess that takes care of that eh?

Yes, we have had a few out-breaks, limited to one or two machines. A user is not going to transmit it via email as there are several tiers of security that would stop it in its tracks; managed switches, network appliances, and email scans at the server level. In fact, if an email was sent to you that contained the Conficker (or any virus for that matter) you would never know as the things I mentioned above would disallow it from getting to your inbox.

I have spent more time bullet proofing our network against this virus than actually dealing with it. We take all outbreaks of any virus very seriously - if best practices are followed by knowledgeable IT personnel, it is a non issue. Sure, we get sprung by an unknown Trojan / Worm from time to time, but there has to be some excitement to this job. Am I right?

[edit on 29-4-2009 by crisko]

posted on Apr, 29 2009 @ 12:39 AM
Does anyone know how to get this removed from your comp?

posted on Apr, 29 2009 @ 05:28 AM
reply to post by crisko


In reference to your question, Indeed that is correct.

By no means am I claiming "every" computer will be infected, I was and have been stating that there is a large volume of, let's say open networks. You would be surprised at the level of stupidity a company would go to save a few dollars instead of having the security of knowing that their network is safe. Then again, a person in your position would know and fully understand the need to have a "bullet proof" network. I too agree that over time, one or two might get through. Statistically, that's normal, statistically it's what they have on their side and ours.

posted on Apr, 29 2009 @ 05:29 AM

Originally posted by Dr.Joseph
Does anyone know how to get this removed from your comp?

As posted by other members, make sure your computer system is UPDATED


posted on Apr, 29 2009 @ 11:56 AM
Tristar, you said this in one of your first posts: "Keep in mind, this worm CANNOT BE STOPPED"

Yet crisko makes it abundantly clear that he could isolate the problem if it infected his system and then fix the problem working with the sys admin for that sector. Can you clarify your point?

Also have you uploaded the video file, I'm very eager to see your proof that conficker is stealing sensitive data. I'm curious as to why none of the security sites have reported this, if indeed it is happening. They would surely be aware and it would be in the public's best interest to be made aware and how to fix the problem, right?

The only reason I can think of as to why they don't is that there is a team working for some covert op department which is keeping a lid on this till they've caught the people behind this. Risky business in my opinion, how much data is getting siphoned away before or if they ever do catch the people responsible? You seem to know something we don't about this please spill the beans ...

posted on Apr, 29 2009 @ 05:03 PM

Originally posted by Dr.Joseph
Does anyone know how to get this removed from your comp?

Hmmm Perhaps we should start a removal thread in the BTS computer help forum?

These should get you started on removal. :-)

List of Removal Tools

Microsoft MSRT
Sophos (registration required)

Advanced users

Manual Removal

[edit on 4/29/09 by makeitso]
