worms

Podcast: Worm 'phoning home' but getting no answer

SANTA CLARA, Calif--It's early morning in California, and so far there are no reports of problems due to the much-anticipated Conficker worm. In Asia, where it's already evening, the worm hasn't done any noticeable damage, according to McAfee's Hong Kong-based security expert, Vu Nguyen.

I'm here at the headquarters of security company McAfee, where I spoke by phone with Nguyen and in person with McAfee spokesman (and former CNET News security reporter) Joris Evers.

Rid your computer of the Conficker virus

Let's assume you're on the receiving end of the worst April Fool's Day joke of 2009: your computer's been infected with the Conficker virus. It's a frustrating but not insurmountable problem. This guide will walk you through how to cleanse your computer and inoculate against other Conficker variants.

First off, make sure that you are actually infected. There aren't many warning signs, but a few will stand out if you know what to look for. One fast way to check is to try to visit any major security software publisher's Web site. If you've cleared your browser cache beforehand, and you can load the sites of Symantec, Eset, Avira, or AVG, you're clean because Conficker blocks access to them.

Another good litmus test is to check on the status and functionality of Windows services such as Automatic Updates, the Background Intelligent Transfer Service, Windows Defender, and Error Reporting Services. If any of those have been disabled without your consent, or if your account lockout policies have changed without approval, you might be infected. Other warning signs include unusually high traffic on your local area network, and domain controllers responding slowly to client requests.

If you're running an up-to-date virus scanner, it's unlikely you'll get infected unless you've configured your computer to not receive automatic Windows updates. Checking your list of installed updates for security update MS08-067 (KB 958644) is not recommended because the worm, alternatively known as Kido, Downup, or Downadup, fakes the patch job. …

Podcast: Conficker worm dissected

Millions of computers worldwide have already been infected with the Conficker worm.

So far, it hasn't done any major damage, but it is replicating itself. And on Wednesday, it's apparently programmed to "phone home," possibly getting instructions from some master computer to start causing real problems.

Most experts don't expect anything dramatic on Wednesday, but Windows users are being advised to make sure to apply the latest Microsoft security patch and to be sure they're using up-to-date antivirus software. In this podcast, I discuss the worm with David Perry, education director of Internet security …

Conficker flaw reveals which computers are infected

Even worm creators write buggy software.

Once it infects a computer, the Conficker worm closes the hole in Windows that it used to get onto the system so no other malware can get in. This also makes it difficult for organizations to detect which computers have the legitimate Microsoft patch and which have the fake Conficker patch.

However, Conficker's "patch" has a weakness that can be used to distinguish between patched computers and infected computers that look patched, according to the nonprofit Honeynet Project.

Some of the researchers have released a proof-of-concept scanner that can be used …

Conficker worm might originate in China

Updated at 9:13 p.m. PDT with information provided by BKIS stating that its free version of BKAV antivirus software can remove the worm from any infected computer.

There's been a lot of fuss about the Conficker worm. And here's the $250,000 question: what is the origin of the virus?

$250,000 is the amount of money Microsoft is putting up as a reward for any information leading to an arrest related to the case. Folks at BKIS, a Vietnamese security firm that makes the BKAV antivirus software, announced Monday that they found clues that the virus may have originated in China. Previously, there were rumors that it might have been from Russia or Europe.

The firm's conclusion is based on its analysis of the virus' coding. It found that Conficker's code is closely related to that of the notorious Nimda, a virus that wreaked havoc on the Net and e-mail in 2001. At that time, BKIS determined that Nimda was made in China, based on the firm's own data.

It's important to note that the origin of Nimda was never verified. Though Nimda contained text indicating that it may have originated from China, that is in no way hard evidence. …

'60 Minutes': What's next for the Conficker worm?

Correction, April 1, 9:19 a.m. PDT: "60 Minutes" made a mistake in using a photograph in its story called "The Internet is Infected." The picture was described in the story as a group of young Russian computer hackers, which was inaccurate. The picture, provided to the CBS television news magazine by an Internet security company, had appeared on a Russian hacker magazine Web site.

The following is the updated, corrected transcript and video of the "60 Minutes" report on Internet viruses that aired Sunday.

The Internet is infected. Malicious computer hackers have …

Melissa virus turns 10

A correction was made to this story. Read below for details.

A decade ago there was no Facebook, no iPhone, and no Conficker. There was dial-up and AOL and a nasty virus called Melissa that ended up being the fastest spreading virus at the time.

CNET News talked to Dmitry Gryaznov, a senior research architect at McAfee Avert Labs who was among the researchers who worked to fight the Melissa outbreak and track down the creator.

Q: How was Melissa discovered?

Gryaznov: Avert as a whole discovered it as did some of the competitors. It was submitted to us by …

U.K. parliament computers get Confickered

You'd think the British government would be up on the latest and greatest security practices, but apparently even officials there have their problems.

The U.K. parliament's computer network has been infected with the Conficker worm, according to the Dizzy Thinks blog.

In his own blog post, Trend Micro security researcher Rik Ferguson questioned the security practices that could have allowed Conficker onto such hallowed turf. "Dear Parliament, if you are having trouble cleaning this up, give us a call, we'll come and do it for nothing," he offers.

Below is the text of the …

FAQ: Conficker time bomb ticks, but don't expect boom

There's been lots of hype about the fact that the latest variant of the Conficker worm is set to start communicating with other computers on the Internet on April 1--like an April Fool's Day time bomb with some mysterious payload.

But security researchers say the reality is probably going to be more like what happened when the clocks on the world's computers turned to January 1, 2000, after lots of dire predictions about the so-called millennium bug. That is, not much at all.

"It doesn't mean we're going to see some large cyber event …

Scammers customize news to deliver you malware

Security experts warned on Monday of a new insidious e-mail scam that features false information about a bomb explosion in the recipient's hometown and leads to a malicious Web site.

The subject lines include "Take Care!" and "Are you and your friends in good health?" The e-mail includes a link to what looks like a news article on a Reuters page about the bombing. But the Web page and the news are fake, according to e-mail security provider Marshal8e6 and antivirus firm Sophos.

The scammers are using IP address geolocation techniques to figure out what …