Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Tuesday, March 24, 2009

Conficker Judgement Day on April 1st

I would never want to be labeled as an “alarmist” but I hope my post today will make some folks take some reasonable steps to protect themselves. After a lot of research and debate I have been convinced that April 1st is not going to be a good day for the Internet.


I’ve written about the Conficker worm (alias Downadup) a number of times and this may not be the last time I mention it. There are well over a million Windows PCs which are currently infected with Conficker. On April 1st the infected machines will be reaching out to a number of web domains to download an additional component which will contain new instructions. How Conficker will mutate is anyone’s guess. It could be anything from turning a machine into a spam-bot to launching a widespread cyberterror attack. My guess is it will be something designed to make money.


Image: Reverse engineering Conficker exposes April 1st. Compliments of Zarestel Ferrer.


April 1st will be a day that shows us who's winning the battle against malware. If your machine doesn't already have all the Windows security patches installed, I'd unplug from the Internet on April Fools Day. Getting a new computer? If a new unpatched computer arrives on that day I'd wait until the 2nd before connecting it to the Internet.


So, if you’ve been planning on running the Windows Update service, this would be a good week to do it. If you don’t have a routine backup plan you might want to back up your important data by the end of the month.


I’m really not trying to be Chicken Little and freak people out. I’m not predicting any kind of global outage. I’m just suggesting that a properly patched Windows system is a good idea. I’m also not trying to scare you into upgrading to my WinPatrol PLUS to protect yourself. The free version offers just as much protection against this threat. The key point here is to make sure you have all the security patches available for free from Microsoft.

I’m actually flying to Washington Dulles Airport on April 1st so I really hope that United Airlines has all their systems protected. 

Update: Real Conficker Danger is on March 31st
It's important to point out that April 1st begins earlier in other parts of the world. We'll be watching for activity to begin on March 31st from Australia, China, Japan, etc...

Update 3/29: Conficker Fact or Fiction



 



10 Comments:

Blogger Big Geek Daddy said...

I don't think you can ever be called Chicken Little when it comes to warning people about computer security. Keep up the good work!

10:41 PM  
Blogger Unknown said...

Minor point - your email refers to this as 'Conflicker', not 'Conficker'.

9:24 AM  
Blogger Unknown said...

Hi Bob! Thanks for pointing it out. Unfortunately, I didn't pick the title that went out with the PC Pitstop newsletter.

Bill

9:27 AM  
Anonymous Bravenet Community Blog said...

Thank you so much for this alert! I had no idea something like this was going on. I run a community blog for users on another site, and thanks to you, I've been able to warn everyone about this worm.

4:23 PM  
Anonymous Anonymous said...

Millennium bug paranoia all over again?

8:32 PM  
Anonymous Anonymous said...

How can I give any credibility to someone who's not even smart enough to spell "judgment" correctly?

2:52 PM  
Blogger Unknown said...

Funny you should mention it. Apparently there is some debate on this variation of Judgment. I went with the Merriam-Webster Dictionary who said it was fine to include the "e". I don't claim superior intelligence to anyone but I do put some effort into confirming the information I post.

Thanks!
Bill

6:41 PM  
Anonymous Anonymous said...

I've always spelled it with an "e". I'm English.

12:09 AM  
Anonymous Conficker virus said...

I have found it to be very tough to find a tool to detect the Conficker virus... they're out there but tough to find.

1:15 AM  
Anonymous Anonymous said...

Is this a spelling bee or a helpful warning of a threat? In my opinion I wouldn't care if it was written in Ebonics as long as I was warned!

6:19 AM  
