Final Internet Worm Warning!!!

Self ^ | 03/31/09 | papasmurf

[vigilante2]

This is for XP and after. Anything for 98 & ME?

[GOPJ]

That’s not what it says. It says if you are infected, you MIGHT not be able to get in.

I went to one of the links and got the following good news:

If you are reading this page, your computer is probably not infected with Conficker as the worm blocks access to most security web sites. If you have a computer that is infected, you will need to use an uninfected computer to download a specialized Conficker removal tool from. The tool is available here.

[steve86]

I don’t have any other than to say that my point in this thread is that Steady State is only one component of a security strategy. Don’t depend on this (free) product to guarantee protection from and recovery from any and all threats. It certainly isn’t marketed that way by Microsoft.

This idea of rolling back to a prior state by utilizing an external journaling feature is fine. Similar things have been available in other operating systems for years. But no professional would rely on this approach alone. This is kind of a last resort — after the threat gets past actual defenses like AV and firewall (which this is not). And if that cache file is trashed or the disk goes, forget it. You’re then left with nothing if you don’t have an external backup.

[Cindy]

BLOG:

http://blogs.zdnet.com/security/?p=2754

March 3rd, 2009
“Conficker worm to DDoS legitimate sites in March”
Posted by Dancho Danchev @ 12:40 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware......
Tags: Security, Internet Worm, Remote Code Execution, MS08-067, Conficker......

SNIPPET: “The reverse engineering of the domain registration algorithm not only made it possible to anticipate the upcoming command and control locations, but also, allowed security companies to pre-register them and lock them under the Conficker Cabal alliance with members such as Microsoft and the ICANN. Moreover, perhaps the most pragmatic mitigation solution implemented on a large scale so far, has been OpenDNS updated Stats System which automatically stops resolving Conficker’s latest domains, a feature which they introduced last month.

For the time being, the Conficker botnet remains in a “stay tuned” mode with the real malicious payload to be delivered at any particular moment. A patch has been available since October, 2008.”

[papasmurf]

I would wait a day or two. The full effects of the conficker aren't known yet. They do know that it is waiting for instructions from the servers it calls out to.

Sophos
The thing is, no one knows, for sure, which servers they are, or how many there are. It's using randomly looking (but calculated) DNS Queries to contact sites to load new instructions from his bot-masters. Some of the randomly-looking, generated DNS queries clash with real, existing and delegated DNS Domains in the Internet.

I want to look at something and I'll post back in a few minutes.

[papasmurf]

Here is what MS says...

What is Windows SteadyState? Share computers, not headaches

What state is your shared computer in at the end of the day?


* Hard disk filled with downloaded files?
* Strange options configured?
* Programs installed that you don't want?
* System infected with viruses and spyware?
* Computer bogged down for unknown reasons?

Windows SteadyState, successor to the Shared Computer Toolkit, is designed to make life easier for people who set up and maintain shared computers.

How Windows Disk Protection works When disk protection is turned on, it creates a cache file to retain all the modifications to the operating system or program directories. Histories, saved files, and logs are all stored in the cache file which is created on the system partition. At intervals you designate, Windows SteadyState deletes the contents of the cache and restores the system to the state in which disk protection was first turned on.

How Windows Disk Protection works When disk protection is turned on, it creates a cache file to retain all the modifications to the operating system or program directories. Histories, saved files, and logs are all stored in the cache file which is created on the system partition. At intervals you designate, Windows SteadyState deletes the contents of the cache and restores the system to the state in which disk protection was first turned on.

Windows reinstallations are essentially a thing of the past. Now you can restart the computer to its original state.

I have not said, nor do I imply I would rely on this approach alone, as I do not. I said it's for those who aren't sure.

[Vn_survivor_67-68]

ok........I just clicked these 3 links from post #2 and got onto the pages quite normally, so I guess I don’t have it as of now.....right? And I shall assume I’m ok if I can do so for the next day or two?

Home users can apply a simple test for the presence of a Conficker/Downadup infection on their home computers. The presence of a Conficker/Downadup infection may be detected if a user is unable to surf to their security solution website or if they are unable to connect to the websites, by downloading detection/removal tools available free from those sites:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_link_conficker_worm
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
http://www.mcafee.com

[papasmurf]

You won't get me to agree to that. LOL

I do lknow that conficker itself installs a patch on your machine...

Conficker's patch gambit exposed by researchers

Scanning engines look to help in Conficker battle By Ellen Messmer , Network World , 03/31/2009

One technique used by the Conficker worm is to patch vulnerable Microsoft-based computers it has invaded in order to hide and prevent other malware from invading. One vendor, Qualys, says it upgraded its scanner Tuesday to be able to tell real Microsoft patches from stealthy Conficker patches.

"Last week researchers from the University of Bonn found out that once the worm installs itself, it closed that vulnerability [related to MS08-067]... "But the Conficker patch looks different."...

The work of the Bonn researchers in differentiating a real Microsoft patch from Conficker's stealthy bogus patch has provided the basis for Qualys upgrading its scanning engine to be able to be able to differentiate between the two, Kandek says. "The Conficker patch looks different. Before today, we'd say, you seem to be patched," he says. The scan could uncover machines that weren't suspected of being Conficker-infested.

Best advice I can give is to fully protect yourself, and stay protected until the dust settles.

[Coleus]

thank you.

[Vn_survivor_67-68]

well, it’s midnite here now, LOL, so if I got it I got it.....I’m nervous because I trade stocks actively.....hopefully even tomorrow. I dread the thought of a reformat! Thanks much.

[AH_LiveRight]

This has turned out to be no big deal. No problems to rep@@@@@~~~~

Username: Conficker
Password: ********
https://www.iamsoscrewed.com

[hsmomx3]

Avira says that if you have their AV and it is running, you should be okay.

[calex59]

All my important stuff is on flash drives. If my harddrive goes I am fine and dandy, I will leave my flash drives out of the machine for a day or two, I will put fresh flash drives in and save any new stuff, at the most I will lose a day or so of stuff, no big deal here. I doubt if it amounts to anything big anyway, this is just another crisis to keep people stirred up.

[Cyropaedia]

Got a MacBook Pro a year and a half ago, and I am through with Windows.

[papasmurf]

You’re welcome. Have fun, make money. :O)

[papasmurf]

Oh, I forgot to mention what I saw.

[papasmurf]

You’re welcome.

[papasmurf]

I don’t keep anything other than installed programs on my PC, except recently downloaded stuff I put on the desktop (to remind me to file it away), I store everything on two 1 TB, mirrored usb drives.

The PC I use mostly is a tri-boot (XP, Vista, Linux) machine, and I “image” it, and burn it to a dvd.

Flash drive are a good way to safely store data, if you do take them out or “stop” them when not using them.

[Vn_survivor_67-68]

so far so good....pre market open now, and everything I need from ameritrade loaded as usual, so I’m good to go....tks again

[GOPJ]

Things are looking good here - any word on how overseas “pirated” computers are doing?