$250,000 for Conficker Maker?
Posted by Hari Saryono on 17 March 2009
On February 12, 2009, Microsoft announced a U.S. $250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet. Microsoft’s reward offer stems from the company’s recognition that the Conficker worm is a criminal attack. Microsoft wants to help the authorities catch the criminals responsible for it. Residents of any country are eligible for the reward, according to the laws of that country, because Internet viruses affect the Internet community worldwide.
What kind of virus is it? Why is Microsoft willing to pay a large sum of money?
Conficker, also known as Downadup or Kido, is the latest super virus to spread around the Internet and has security experts in a panic. When last we checked, about a week ago, Conficker had already spread to 9 million PCs, with little sign of slowing. Now it has infected at least 10 million PCs and experts believe there may be up to 350 million vulnerable computers out there.
The worm isn’t just exploiting a networking hole, however; it features a sophisticated method of cracking administrator passwords, making it difficult to remove, and also copies itself to USB drives so that it can spread even when the online flaw is plugged.
What havoc has it wreaked so far?
So far this schizophrenic virus hasn’t caused any serious damage. Its primary effect has been to prevent people from installing Windows updates and anti-virus software that could potentially thwart the malware. What worries security experts, though, is Conficker’s ability to launch a second stage, downloading additional code that could hijack computers completely, steal personal information, or commit basic extortion — demanding money for fake anti-virus software claiming to remove the infection.
How do you know you have it? What are the symptoms?
Since it is currently sitting dormant, possibly awaiting further instructions, Conficker is very difficult to detect without running an up-to-date virus and malware scanner. However, if your Internet connection is running abnormally slowly, if services such as Windows Defender are disabled, or if you are unable to access some security-related Web sites (like those for anti-virus programs), then you may be infected and should certainly follow the removal directions included below.
Is it the biggest virus ever?
Conficker has certainly spread far and wide, and gathered its fair share of media attention, but is it the biggest virus ever? That remains to be seen. It is certainly the biggest threat to personal computer security to come along in the last few years and would easily claim a spot on our list of the 15 Sneakiest Computer Viruses.
Conficker uses a system of programmatically determined, time-dependent domain names in an attempt to ensure that an infected machine can reconnect with a control server. Conficker uses control servers to provide fresh instructions and updated software to systems in the botnet.
Earlier versions of Conficker generated 250 possible domain names per day, and attempted to contact all of them. An informal group led by Microsoft and involving domain registrars, security companies and others has been taking up these domains before the people behind Conficker can register them.
The latest version generates 50,000 domain names per day, though any particular instance makes a random selection of 500 names from that list and attempts to contact servers with those addresses.
It also takes steps to conceal its activity. Where the original Conficker issued DNS queries at five-second intervals, the revised malware waits a random period between 10 and 50 seconds. The absence of a simple pattern makes it less likely that the activity will be detected by automated tools.
In addition, the changes mean that Conficker now only makes up to 500 DNS queries per day compared with the previous 3000.
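The timing change described above can be seen from the defender's side in DNS resolver logs. The following is an added example, not code from the original post: it profiles failed lookups per client and shows that a fixed 5-second cadence is trivially regular, while the jittered 10 to 50 second cadence still stands out by its count of distinct non-resolving names. The log tuple shape, the thresholds, the `.example` names and the client addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def profile_clients(events):
    """events: (epoch_seconds, client_ip, qname, rcode) tuples; assumed log shape."""
    failed = defaultdict(list)
    for ts, client, qname, rcode in events:
        if rcode == "NXDOMAIN":          # unregistered rendezvous names do not resolve
            failed[client].append((ts, qname))
    report = {}
    for client, rows in failed.items():
        times = sorted(ts for ts, _ in rows)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps) if gaps else 0
        report[client] = {
            "distinct_nx": len({q for _, q in rows}),
            "mean_gap": avg,
            # coefficient of variation: 0 means perfectly regular spacing
            "gap_cv": pstdev(gaps) / avg if avg else None,
        }
    return report

def classify(stats, min_distinct=20, fixed_cv=0.1):
    """Thresholds are illustrative assumptions, not tuned values."""
    if stats["distinct_nx"] < min_distinct:
        return "normal"
    if stats["gap_cv"] is not None and stats["gap_cv"] <= fixed_cv:
        return "fixed-interval"
    return "jittered"

def sample_events():
    """Constructed log: .example names and RFC 1918 addresses, not real data."""
    events, jitter = [], [12, 47, 23, 38, 15, 50, 29, 10, 44, 33]
    t_fixed = t_jit = 1_000_000
    for i in range(30):
        events.append((t_fixed, "10.0.0.5", f"fixed{i:03d}.example", "NXDOMAIN"))
        events.append((t_jit, "10.0.0.6", f"jit{i:03d}.example", "NXDOMAIN"))
        t_fixed += 5                      # original behaviour: one query every 5 s
        t_jit += jitter[i % len(jitter)]  # revised behaviour: 10-50 s between queries
    events += [(1_000_010, "10.0.0.7", "intranet.example", "NOERROR"),
               (1_000_200, "10.0.0.7", "typo-site.example", "NXDOMAIN"),
               (1_000_900, "10.0.0.7", "old-printer.example", "NXDOMAIN")]
    return events

if __name__ == "__main__":
    for client, stats in sorted(profile_clients(sample_events()).items()):
        print(client, classify(stats), stats)
```

A detector keyed only on regular spacing would miss the second client; counting distinct failed names per client catches both.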
What can you do to stay safe?
- Download Bitdefender Anti Conficker or use the McAfee tool. Read here
- Download the Windows patch from http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
- Unplug your Internet connection and run both programs above
- Kill your CD and flash disk autorun. You can use USB Vaccine to do so. Read here
- Change your password to be more secure. See Guideline here
- (NEW) You can try Indonesian Conficker Scan, the fastest scan I ever met
Will it strike again? If so, where and how?
It’s impossible to know if and when Conficker will strike again, especially since it is still running free and has yet to reveal its true purpose. Since Conficker is capable of downloading additional malicious code, it is also capable of self-updating. This function allows the worm to take advantage of other security holes once the ones it currently exploits are closed.
Potentially, Conficker could hang around for a very long time, or resurface in a slightly different form down the road. Knowing exactly when or where Conficker will rear its ugly head is simply impossible, but you can keep yourself safe by making sure your PC and security software (that includes anti-virus, spyware tools, and firewall) are up-to-date. Also, be sure to practice good browsing habits: avoid opening e-mail attachments from unknown addresses, don’t download software from questionable sources, and stay away from sites whose security and legitimacy are uncertain.