Showing posts with label conficker virus.

Sunday

Conficker Virus Started Sending Spam From Infected PCs

ONE of the world's biggest computer worms has activated and is now sending spam from personal computers.

The malicious software known as Conficker is slowly starting up, weeks after being dismissed as a false alarm, security experts said.

Conficker, also known as Downadup or Kido, is quietly turning thousands of PCs into servers of email spam and installing spyware, they said.

The worm started spreading late last year, infecting millions of computers and turning them into "slaves" that respond to commands sent from a remote machine that controls an army of computers known as a botnet.

Many feared it would wreak havoc on April 1, but instead the worm mutated to make it harder to catch.

Its unidentified creators started using infected machines for criminal purposes in recent weeks by loading more malicious software onto a small percentage of computers under their control, said Vincent Weafer, a vice president with Symantec Security Response.

"Expect this to be long-term, slowly changing," he said. "It's not going to be fast, aggressive."



What does the worm do?

Conficker installs a second virus, known as Waledac, that sends out email spam without knowledge of the PC's owner, Mr Weafer said.

It also installs a fake anti-spyware program, leading users to believe their computer is safe.

"This is probably one of the most sophisticated botnets on the planet. The guys behind this are very professional. They absolutely know what they are doing," said Paul Ferguson, a senior researcher with Trend Micro.

He said Conficker's authors likely installed a spam engine and another malicious software program on tens of thousands of computers since April 7. The worm will stop distributing the software on infected PCs on May 3 but more attacks will likely follow.

"We expect to see a different component or a whole new twist to the way this botnet does business," said Mr Ferguson.

Viruses that turn PCs into slaves exploit weaknesses in Microsoft's Windows operating system. The Conficker worm is especially tricky because it can evade corporate firewalls by passing from an infected machine onto a USB memory stick, then onto another PC.

The Conficker botnet is one of many such networks controlled by syndicates that authorities believe are based in eastern Europe, Southeast Asia, China and Latin America.



What can you do?

First of all, make sure your PC has the latest patch from Microsoft and update your security software. If you cannot access your anti-virus maker's website, your PC may already be infected.

In general, you should always be careful when clicking on unknown links. Use LinkScanner to find out if a link leads to dangerous content, and be wary of pop-up windows prompting you to install software such as antivirus or video player updates.

You may also read the US Department of Homeland Security's recommendations at www.dhs.gov, or find out more on Wikipedia.



Thursday

Computer Virus Has Experts On High Alert

SOME 10 million computers infected by the mysterious Conficker worm are waking up and "calling home" as instructed by an unknown master controller who used April Fool's Day as the trigger.

Australia's computer response team, AusCERT, was on high alert yesterday as global IT experts monitored regional - first past the dateline - activity, seeking clues to the malware's author and the feared attack plans.

"Infected computers are trying to find a way to call home, but at this stage nothing malicious is happening," said AusCERT senior information security analyst Zane Jarvis.

"We're seeing hosts do the look-up for IP addresses of sites like google.com or microsoft.com, but nothing is responding and they're not getting any IP addresses."

Mr Jarvis said there had been an increase in local network traffic, with infected machines apparently programmed to do standard Domain Name Server requests for a set period, then "go to sleep" for 90 minutes or so before starting again.

"It's possible that the controller will wait for all the attention to die down, and then do something when everyone stops watching," he said.

Also known as Downadup, the malware exploits a vulnerability in Microsoft Windows systems that allows a remote hacker to take control of infected machines.

Microsoft issued a patch to fix the bug last October, and people who regularly update their software are protected, but an estimated 9-15 million computers worldwide may have been compromised.

Security analysts are particularly worried because they don't know what the mystery attacker has in mind.

Threats range from financial fraud and identity theft on a grand scale, to massed armies of computers being used to launch denial-of-service attacks.

IT security vendors such as Symantec are monitoring the situation, and plan to issue updates if any suspicious new activities are detected.

McAfee's regional technical services director, Michael Sentonas, expected more network traffic overnight as users in Europe and North America came online.

"The biggest unknown is whether some dangerous functionality will be unleashed," he said.

Mr Sentonas warned that publicity over the threat had spawned a large number of "rogue websites" offering fake removal tools which people were downloading free of charge.

"Unfortunately, these so-called anti-virus detection and cleanup tools actually download other malicious content, creating a never-ending cycle of threats to your machine," he said.

"Rather than doing a search for free tools on Google or Yahoo!, my advice is always to deal with reputable vendors - all of which offer free tools and advice."

Late yesterday, the US-based SANS Internet Storm Center maintained its "green" internet safety rating, with director Marcus Sachs saying that while "over the next 24 hours Conficker will change the way it communicates, we don't expect much of anything else to happen".

Source: http://www.australianit.news.com.au/



Tuesday

Conficker Virus Could Cause Internet Chaos On April Fool's Day

A computer virus which has infected millions of PCs could use April Fool's Day to wreak havoc on the internet.

The Conficker virus has infected more than 10million PCs worldwide and could cripple computers across the UK tomorrow.

Experts have warned that the worm could be used to steal credit card numbers and passwords, or even bring down websites like Google by using an army of 'robot PCs'.

Experts are warning that the Conficker virus could launch a concerted attack on websites tomorrow - April Fool's Day

The virus targets computers running Microsoft's Windows software and has spread to millions over the past several months, infecting machines on Royal Navy warships and inside the House of Commons.

Tomorrow, on April Fool's Day, the virus is programmed to check a randomly generated number of websites for 'instructions' on what the infected computers should do next.

If they were told to simultaneously connect to a single website, the network of infected 'robot computers', known as a botnet, could knock it offline by deluging it with hits.

Botnets have been used in the past to generate millions of pieces of spam email and to blackmail websites by threatening to temporarily knock them out.

Experts fear that the bug could be programmed to trigger an attack on the internet - rendering email, banking and other systems unusable.

It would do this by simultaneously sending massive numbers of search queries or generating millions of pieces of spam email to knock websites offline through the sheer weight of connections.

Experts admitted today they do not know what will happen. Graham Cluley of internet security firm Sophos said: 'The system could turn into a network of 'zombie' PCs used to send email, or attack other websites. It may also be that nothing happens.'

Mikko Hypponen, of antivirus software firm F-Secure, said: 'It is scary thinking about how much control a hacker could have. They would have access to millions of machines.'

Microsoft has offered users free software to remove the worm, and even offered a $250,000 reward for anyone who reveals its writers.

But Ed Gibson, Microsoft's chief security adviser for the UK, said: '1 April is a classic date for anything like this to go off. But I would hate to say it is going to be unlike any other day.'

PC users can protect against Conficker by ensuring their computer is up to date with the latest free security software from www.microsoft.com, updating antivirus software, and not opening unfamiliar email attachments.

Source: microsoft.com

