Security Consultants warn of Conficker Worm To Strike April 1

blitzkreig
Senior Member with 823 posts.
 
Join Date: Mar 2009
Location: Mumbai, India
Experience: still learning
27-Mar-2009, 03:25 PM #1
The Conficker worm that has left a trail of destruction in its wake for the last six months is set for a new evolution April 1 that will enable it to stealthily launch a variety of malware attacks unbeknownst to the security community.

Security experts say that the new Conficker variant, which has infected at least 12 million users around the globe since its creation in October, will contain a new update mechanism that will allow it to communicate with its command and control centers to upload new marching orders and launch attacks at will.

Part of the new update will include a refreshed ability to dodge scrutiny from the security community, which has thus far been able to intercept communication between the worm and its domains. After April 1, however, the new Conficker variant will contain code that will prevent the security community from blocking updates.

"The Internet as we know it will still exist," said Paul Henry, security and forensic analyst for Lumension Security. "But what (the security community has) been doing will no longer work after April 1. There's great concern in the security community because they're no longer able to block the command and control communication of this botnet."

Like other renowned worms, Conficker relies on numerous attack vectors to self-replicate and spread, using such techniques as brute force password guessing to propagate throughout a network.

The latest and most sophisticated variant -- Version C -- of the Conficker worm, was renowned for infecting copious networks via peer-to-peer networks and USB drives. It also added numerous defensive measures designed to evade detection and removal by disabling Windows Automatic Updates and Windows Security Center. In addition, version C had the ability to block access to several security vendors' Web sites while rendering numerous antivirus products useless.

Source: http://www.osnn.net/comments.php?shownews=15357
__________________
The care of human life and happiness, and not their destruction, is the first and only object of good government - Thomas Jefferson.
Jason08
Distinguished Member with 3,717 posts.
 
Join Date: Oct 2008
Location: Near Washington, D.C.
Experience: Advanced in Networking
27-Mar-2009, 09:10 PM #2
Thanks for sharing.
blitzkreig
Senior Member with 823 posts.
 
Join Date: Mar 2009
Location: Mumbai, India
Experience: still learning
28-Mar-2009, 12:31 AM #3
I believe something like the variant C affected me... I really could not go to the security vendors' websites; this thing didn't even allow me to use Tech Support Guy or Yahoo Answers. The malware is designed in such a way that it prevents the infected computer from accessing forums which can provide useful and important tips for its removal. I couldn't do much to remove it... I really don't know what I did, but it doesn't exist on my PC anymore.
perfume
Account Disabled with 2,011 posts.
 
Join Date: Sep 2008
Location: A DUDE WITH ATTITUDE! ALIEN.
Experience: Intermediate++
28-Mar-2009, 04:47 AM #4
Dear srprashant,
Your original post was excellent! I don't know whether to hug you or slug you, because your presentation was good and at the same time put the fear of God in me! lol. Why did you state your experience as "Beginner"? Should be "intermediate at the least"!

I think peer-to-peer now becomes a real, real danger and thank God I did all my downloading from mu-torrent long before the music industry and these malware brains were fast asleep! I did download using mu-torrent (Why hide it?), but stopped a long time back!

All the people using any kind of peer-to-peer software are really in danger, so please STOP the TEMPTATION TO DOWNLOAD! USE THE LEGAL WAY TO DOWNLOAD, it's cheap and keeps you safe!

TOGG
Distinguished Member with 5,362 posts.
 
Join Date: Apr 2002
Location: Birmingham, England
28-Mar-2009, 09:59 AM #5
I don't wish to add to the general paranoia or panic about Conficker C, but there is a very interesting 'Techie' analysis of it here; http://mtc.sri.com/Conficker/addendu...tall-obfuscate

As I understand everything I have read about it so far, nothing dramatic will happen on 1st April, except to computers that are already infected with it. For everybody else, the effects will be felt when this group of infected computers is directed to do whatever the authors of Conficker have in mind.

What that might be is anybody's guess and I for one don't propose to speculate (although the 'usual suspects' would be denial of service attacks and identity theft for financial gain etc.)
__________________
Nothing matters very much, and few things matter at all.

Lord Balfour 1848-1930
JamesFrance
Member with 85 posts.
 
Join Date: Jun 2007
Location: Languedoc, France
Experience: Never too old to learn
28-Mar-2009, 04:30 PM #6
Most antivirus seem to detect it now:

http://malwareresearchgroup.com/?p=756
golferbob
Senior Member with 3,870 posts.
 
Join Date: May 2004
Experience: Intermediate
28-Mar-2009, 04:53 PM #7
worm
Download and run McAfee Stinger. It will take Conficker out of your system.


http://www.majorgeeks.com/McAfee_AVE...er__d6157.html
Blackmirror
Distinguished Member with 32,577 posts.
 
Join Date: Dec 2006
Location: uk
Experience: Away with the fairies :)
28-Mar-2009, 05:21 PM #8
The most important thing you can do is keep updated with Windows updates and AV/spyware protection.
TOGG
Distinguished Member with 5,362 posts.
 
Join Date: Apr 2002
Location: Birmingham, England
28-Mar-2009, 05:54 PM #9
If you aren't already infected, Blackmirror is quite right. However, if Conficker is as bad as it is described in the article I linked to, anybody that already has it will not be able to update their AV or download removal tools from the majority of security sites (see the 'Security Product Disablement' section; http://mtc.sri.com/Conficker/addendu...tall-obfuscate )
blitzkreig
Senior Member with 823 posts.
 
Join Date: Mar 2009
Location: Mumbai, India
Experience: still learning
29-Mar-2009, 03:25 AM #10
This variant C tries to block your security products' access to its update servers. I guess I deleted the bad entries manually.
blitzkreig
Senior Member with 823 posts.
 
Join Date: Mar 2009
Location: Mumbai, India
Experience: still learning
29-Mar-2009, 03:28 AM #11
I shouldn't be mentioning this here... but I did try downloading this n*** burning software torrent... this was the root cause of all misery :'(
All times are GMT -4.