Free Republic

When the Conficker computer “worm” was unleashed on the world in November 2008, cyber-security experts didn’t know what to make of it. It infiltrated millions of computers around the globe. It constantly checks in with its unknown creators. It uses an encryption code so sophisticated that only a very few people could have deployed it. For the first time ever, the cyber-security elites of the world have joined forces in a high-tech game of cops and robbers, trying to find Conficker’s creators and defeat them. The cops are failing. And now the worm lies there, waiting … The first surprising...

Insight: Did Conficker help sabotage Iran's nuke program?By Jim Finkle Fri Dec 2, 2011 5:23am EST (Reuters) - A cyber warfare expert claims he has linked the Stuxnet computer virus that attacked Iran's nuclear program in 2010 to Conficker, a mysterious "worm" that surfaced in late 2008 and infected millions of PCs. **SNIP** The operators communicated with Stuxnet-infected computers over the Internet through servers using fake soccer websites that they built as a front for their operation: www.mypremierfutbol.com and www.todaysfutbol.com. If Iranian authorities noticed that traffic, they would be deceived into assuming it was from soccer fans, rather than suspect...

SAN FRANCISCO (AFP) – A unified effort has lopped the head off a treacherous Conficker computer worm but the malicious computer code lives on in infected machines. A Conficker Working Group report available online on Tuesday said the alliance has prevented the people who released the worm from using it to command computers as an army of machines referred to as a "botnet." "Nearly every person interviewed for this report said this aspect of the effort has been successful," the group said in a summary of its findings. The group considered is biggest failure as "the inability to remediate infected...

Conficker is a computer worm which has been infecting PC's on the Internet since November 2008. Worryingly, nothing is publicly known of its mission, because it has yet to do anything of great note. Conficker is building and maintaining a powerful network of enslaved computers, and machines infected with the worm can be made obey the whims of Conficker's unknown commanders. Its advanced peer-to-peer networking design makes the program's control network difficult for Internet providers to shut down. Today this strange worm constitutes a powerful overlay of control across an unknown vastness of Internet-connected computers. With the exception of distributing...

More than a year after doomsday reports hinted that the Conficker worm would bring down the Internet, one-in-10 Windows PCs still have not been patched to plug the hole the worm wriggles through, new data shows. And 25 of every 1,000 systems are currently infected with the worm. According to Qualys, a security risk and compliance management provider, about 10% of the hundreds of thousands of Windows systems it monitors for customers have not yet applied Microsoft's MS08-067 security update. MS08-067, an out-of-band release that shipped in October 2008, patched a bug in the service Windows uses to connect to...

Friday, May 1, 2009 Summarizing Zero Day's Posts for April The following is a brief summary of all of my posts at ZDNet's Zero Day for April. You can also go through previous summaries for March, February, January, December, November, October, September, August and July, as well as subscribe to my personal RSS feed or Zero Day's main feed. Notable articles include: Google's CAPTCHA experiment and the human factor; Conficker's estimated economic cost? $9.1 billion and Twitter hit by multiple variants of XSS worm.

A computer worm that has alarmed security experts around the world has crawled into hundreds of medical devices at dozens of hospitals in the United States and other countries, according to technologists monitoring the threat. The worm, known as "Conficker," has not harmed any patients, they say, but it poses a potential threat to hospital operations. "A few weeks ago, we discovered medical devices, MRI machines, infected with Conficker," said Marcus Sachs, director of the Internet Storm Center, an early warning system for Internet threats that is operated by the SANS Institute.

In a recent blog post, the Cyber Secure Institute claims that based on their previous studies into the average cost of such malware attacks, the economic loss due to the Conficker worm could be as high as $9.1 billion. Despite that their analysis also considered a much limited infection rate (200,000 infected hosts), they claim that the cost of the virus in this case is still around $200 million. The research excludes an important fact though - not only is Conficker still active and infecting, but also, according to the most recent infection rate estimate courtesy of the Conficker Working...

BOSTON (Reuters) - A malicious software program known as Conficker that many feared would wreak havoc on April 1 is slowly being activated, weeks after being dismissed as a false alarm, security experts said. Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware, they said. The worm started spreading late last year, infecting millions of computers and turning them into "slaves" that respond to commands sent from a remote server that effectively controls an army of computers known as a botnet. Its unidentified creators started using those...

Researchers have discovered another feature of the Conficker worm that provides an additional clue about the intent of the creators--the worm installs malware that masquerades as antivirus software, Trend Micro said on Friday. The worm, which has infected millions of Windows-based computers on the Internet, is downloading a program called Spyware Protect 2009 and displaying warning messages saying that the computer is infected and offering to clean it up for $49.95, according to the Trend Micro blog.

The Conficker/Downadup worm is on the move again. After a relatively uneventful April 1, on which the worm began widening the number of Web sites that it scanned for instructions, a new Conficker variant has emerged and appears to be preparing to spam and steal information. Symantec (NSDQ: SYMC) said the new Conficker/Downadup variant .E is designed to update version .C rather than the first-generation .A variant. "In actuality, the primary objective is to update .C with the new features discussed during the briefing and drop Waledac binary onto the .C infected machines," a company spokesperson said in an e-mail.

The Conficker worm has started to update infected machines with a mystery package of data. Computer security firms watching the malicious program noticed that it sprang into life late on 8 April. The activity on its update system delivered encrypted software to compromised machines. It is not yet clear what the payload contains. The Conficker virus variants are thought to be present on millions of PCs around the world. Spam connection The updating activity has begun about a week later than expected. Analysis of the "C" variant of Conficker (aka Downadup) revealed that its updating mechanism was due to go...

In this episode of the Conscience of Kansas radio program, we talk about the softening of the wording in regards to terrorism from the Obama administration. We also talk about the conficker virus and the automobile bailout and the state of the economy. We welcome "Rhonda on her Soapbox" from RestrainedNomore.com on the program. We invite you listen and comment on the show!

As expected, the Conficker worm failed to cause the digital pandemonium that some may have feared. So, can we all just go back to playing on Facebook and watching the game now? Not really. Just because the worm failed to create much of a stir on the day it was set to activate, April 1, doesn't mean it won't wake up and act later. "The (malicious) hackers can tell their worm to do something any day of the year; they're just as likely to do it tomorrow or next Wednesday or in August," said Graham Cluley, a senior technology...

Even worm creators write buggy software. Once it infects a computer, the Conficker worm closes the hole in Windows that it used to get onto the system so no other malware can get in. This also makes it difficult for organizations to detect which computers have the legitimate Microsoft patch and which have the fake Conficker patch. However, Conficker's "patch" has a weakness that can be used to distinguish between patched computers and infected computers that look patched, according to the nonprofit Honeynet Project. Some of the researchers have released a proof-of-concept scanner that can be used to detect Conficker....

Conficker Eye Chart

LISTEN!! THE CONFICKER WORM IS A DISTRACTION! ITS JUST A HARMLESS WORM! THE REAL VIRUS HAS ALREADY BEEN PUT INTO THE MATRIX LAST WEEK!! YES!!! ITS A VIRUS CALLED MESSIAH!! ITS SET UP BY THE FEDERAL GOVERNMENT SO THAT BARACK OBAMA CAN TAKE OVER ALL OF OUR COMPUTERS AND READ OUR MINDS!!!! YES!!! IT CANT BE DETECTED! ITS TOO LATE TO REMOVE IT NOW!!! BARACK OBAMA IS GOING TO CONTROL ALL OF THE INTERNET AT 9:45 PST!! HES GOING TO BE WATCHING US ALL AND..... Hello! Im Barack Obama! I am Jesus Christ! Don't pay any attention what was said....

The conficker worm, aka:Downup, Downadup and Kido, is scheduled to become active at 00:01:00 AM on 04/01/09. It's a complete unknown and has many experts worried. If you aren't sure about being protected on your Windows machine, please download the FREE application from Microsoft called Windows SteadyState , and install it. It only takes a few minutes, it's very easy and simple, and it will protect your hard drive. I use it on my XP Box and my Wife's Vista laptop, and I know it works. Download it, click to install, open it, and select "User Restrictions", and (if...

Researchers find super worm cure, just in timeSecurity experts have made a breakthrough in their five-month battle against the Conficker worm, with the discovery that the malware leaves a fingerprint on infected machines that is easy to detect using a variety of off-the-shelf network scanners. The finding means that, for the first time, administrators around the world have easy-to-use tools to positively identify machines on their networks that are contaminated by the worm. As of mid-Monday, signatures will be available for at least half a dozen network scanning programs, including the open-source Nmap, McAfee's Foundstone Enterprise and Nessus, made by...

As computer security firms play down the risk posed by the Conficker/Downadup worm, the Department of Homeland Security on Monday released a DHS-developed detection tool to help organizations scan for computers infected by the worm. The DHS US-CERT team created worm-scanning software for federal and state government agencies, commercial vendors, and critical infrastructure owners. It's being made available through the Government Forum of Incident Response and Security Teams Portal and to private-sector partners through various Information Sharing and Analysis Centers.