conficker

Podcast: Worm 'phoning home' but getting no answer

SANTA CLARA, Calif--It's early morning in California, and so far there are no reports of problems due to the much-anticipated Conficker worm. In Asia, where it's already evening, the worm hasn't done any noticeable damage, according to McAfee's Hong Kong-based security expert, Vu Nguyen.

I'm here at the headquarters of security company McAfee, where I spoke by phone with Nguyen and in person with McAfee spokesman (and former CNET News security reporter) Joris Evers.

Rid your computer of the Conficker virus

Let's assume you're on the receiving end of the worst April Fool's Day joke of 2009: your computer's been infected with the Conficker virus. It's a frustrating but not insurmountable problem. This guide will walk you through how to cleanse your computer and inoculate against other Conficker variants.

First off, make sure that you are actually infected. There aren't many warning signs, but a few will stand out if you know what to look for. One fast way to check is to try to visit any major security software publisher's Web site. If you've cleared your browser cache beforehand, and you can load the sites of Symantec, Eset, Avira, or AVG, you're clean because Conficker blocks access to them.

Another good litmus test is to check on the status and functionality of Windows services such as Automatic Updates, the Background Intelligent Transfer Service, Windows Defender, and Error Reporting Services. If any of those have been disabled without your consent, or if your account lockout policies have changed without approval, you might be infected. Other warning signs include unusually high traffic on your local area network, and domain controllers responding slowly to client requests.

If you're running an up-to-date virus scanner, it's unlikely you'll get infected unless you've configured your computer to not receive automatic Windows updates. Checking your list of installed updates for security update MS08-067 (KB 958644) is not recommended because the worm, alternatively known as Kido, Downup, or Downadup, fakes the patch job. … Read more

CNET News Daily Podcast: Will Conficker be Y2K redux?

The clock is ticking down on Conflicker, an Internet worm that's making the rounds in various incarnations and is getting more sophisticated. It could be huge, or it could be nada. It's all part of a guessing game and we may know more tomorrow. CNET News' Elinor Mills has the latest. Listen now: Download today's podcast

Wales giving up on Wikia search

Apps to dominate CTIA Wireless 2009

Web 2.0 Expo 2009: Downsized, but not out

Swedish antipiracy law stirs up political waters

Windows users brace for Conficker's wiggle

Buzz Out Loud 942: Fill up on Confickerdoodles

A new scanner developed by Kaminsky and friends can help find Conficker-infected machines. We're so drenched in Conficker news at this point that I think the Girl Scouts have started selling Confickerdoodles. We also analyze Netflix's Blu-ray-rate hike, and try to decide why they're fighting over toilets in space.

Listen now: Download today's podcast EPISODE 942

Netflix to hike up monthly Blu-ray fee by up to $8 a month http://news.cnet.com/8301-17939_109-10207302-2.html

New method for detecting Conficker discovered, debuted http://arstechnica.com/security/news/2009/03/new-method-for-detecting-conficker-discovered-debuted.ars

YouTube gets Disney http://online.wsj.com/article/SB123844481702470815.html… Read more

Podcast: Conficker worm dissected

Millions of computers worldwide have already been infected with the Conficker worm.

So far, it hasn't done any major damage, but it is replicating itself. And on Wednesday, it's apparently programmed to "phone home," possibly getting instructions from some master computer to start causing real problems.

Most experts don't expect anything dramatic on Wednesday, but Windows users are being advised to make sure to apply the latest Microsoft security patch and to be sure they're using up-to-date antivirus software. In this podcast, I discuss the worm with David Perry, education director of Internet security … Read more

Conficker demonstrates complexity of IT security

With recent coverage in The New York Times, The Washington Post, and 60 Minutes, the sophisticated Conficker worm has become mainstream news. Yes, the underlying concepts may be a bit complex for John Q. Public, but I think this media attention is a great public service. Users need this type of education to better understand the risks associated with Internet connectivity.

Plenty of people have written detailed descriptions about what Conficker is, where it may have come from, and future potential damage. I prefer to focus on the relationship between Conficker and overall IT security. Given its properties, Conficker goes … Read more

Conficker flaw reveals which computers are infected

Even worm creators write buggy software.

Once it infects a computer, the Conficker worm closes the hole in Windows that it used to get onto the system so no other malware can get in. This also makes it difficult for organizations to detect which computers have the legitimate Microsoft patch and which have the fake Conficker patch.

However, Conficker's "patch" has a weakness that can be used to distinguish between patched computers and infected computers that look patched, according to the nonprofit Honeynet Project.

Some of the researchers have released a proof-of-concept scanner that can be used … Read more

Malware probes find a China angle

China is coming under scrutiny as the possible source of malicious software and Internet attacks directed at foreign governments and other institutions.

A pair of recent research reports have cast some light on shadowy online initiatives with roots in China. Completed separately, both reports--"Tracking GhostNet," from the Munk Centre for International Studies in Toronto, and "The snooping dragon," from the University of Cambridge Computer Laboratory--address the Chinese government's efforts to monitor the activities of the Dalai Lama and the governing of Tibet.

Asked about the reports, analysts in China say that such claims are … Read more

Conficker worm might originate in China

Updated at 9:13 p.m. PDT with information provided by BKIS stating that its free version of BKAV antivirus software can remove the worm from any infected computer.

There's been a lot of fuss about the Conficker worm. And here's the a $250,000 question: what is the origin of the virus?

$250,000 is the amount of money Microsoft is putting up as a reward for any information leading to an arrest related to the case. Folks at BKIS, a Vietnamese security firm that makes the BKAV antivirus software, announced Monday that they found clues that the virus may have originated in China. Previously, there were rumors that it might have been from Russia or Europe.

The firm's conclusion is based on its analysis of the virus' coding. It found that Conficker's code is closely related to that of the notorious Nimda, a virus that wreaked havoc on the Net and e-mail in 2001. At that time, BKIS determined that Nimda was made in China, based on the firm's own data.

It's important to note that the origin of Nimda was never verified. Though Nimda contained text indicating that it may have originated from China, that is in no way hard evidence. … Read more

'60 Minutes': What's next for the Conficker worm?

Correction, April 1, 9:19 a.m. PDT: "60 Minutes" made a mistake in using a photograph in its story called "The Internet is Infected." The picture was described in the story as a group of young Russian computer hackers, which was inaccurate. The picture, provided to the CBS television news magazine by an Internet security company, had appeared on a Russian hacker magazine Web site.

The following is the updated, corrected transcript and video of the "60 Minutes" report on Internet viruses that aired Sunday.

The Internet is infected. Malicious computer hackers have … Read more