Author Topic: Conficker Judgement Day on April 1st  (Read 1786 times)

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 7064
Conficker Judgement Day on April 1st
« on: March 24, 2009, 08:20:26 PM »
Bits from Bill
If your machine doesn't already have all the Windows security patches installed, I'd unplug from the Internet on April Fools Day.
Getting a new computer?  If a new un-patched computer arrives on that day I'd wait until the 2nd before connecting it to the Internet.


Complete Article HERE

.....and don't forget, because of time zones, the real danger begins March 31.  ;)
« Last Edit: March 25, 2009, 10:57:36 AM by Bugbatter »



Microsoft MVP - Consumer Security

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 7064
Re: Conficker Judgement Day on April 1st
« Reply #1 on: March 29, 2009, 08:47:58 PM »
In case you missed this evening's CBS report on Conficker, here it is:

The Conficker Worm: What Happens Next?
60 Minutes: Computer Worm Could Receive New Instructions On April 1
http://www.cbsnews.com/stories/2009/03/27/60minutes/main4897053_page3.shtml

Thank you Corrine  :)

Microsoft MVP - Consumer Security

Offline Dragan Glas

  • Technical Staff
  • Bronze Member
  • Posts: 61
Re: Conficker Judgement Day on April 1st
« Reply #2 on: March 30, 2009, 06:34:52 PM »
Greetings,

This may prove of interest to the "whitehat" community:

Busted! Conficker's tell-tale heart uncovered

Kindest regards,

Dragan Glas
Quote
The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I'm not even too sure about that one
Dennis Hughes, FBI

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 7064
Re: Conficker Judgement Day on April 1st
« Reply #3 on: March 30, 2009, 07:41:35 PM »
If you need malware removal tools type the URL of your vendor of choice directly into the browser bar and use links on their website. Do not rely on Google search results at this time, as they may have been “optimised”.

Careful what you click on, these Google results are loaded!

Complete Article Here:
http://countermeasures.trendmicro.eu/poisoned-downadconficker-removal-searches/

Microsoft MVP - Consumer Security

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 7064
Re: Conficker Judgement Day on April 1st
« Reply #4 on: March 30, 2009, 08:38:38 PM »
      
Sophos Video: Conficker and April 1st

http://www.sophos.com/blogs/gc/g/2009/03/31/video-conficker-april-1st-fuss/

Microsoft MVP - Consumer Security

Offline faith_michele

  • Anti - Phishing Staff
  • Gold Member
  • Posts: 1947
    • A Beacon of Light
Re: Conficker Judgement Day on April 1st
« Reply #5 on: April 01, 2009, 03:24:59 AM »
Here is another removal tool from Sunbelt (free).

Quote
Sunbelt Conficker/Downadup Removal Tool

Version: 1.2, updated: 3/24/2009

The Sunbelt Conficker/Downadup Removal Tool can be used to detect and clean the majority of Conficker/Downadup variants from infected client PCs. It can be run either as a standalone removal tool or as a supplement to VIPRE and CounterSpy.

To do its job, this removal tool must be installed and run on the actual PC that is infected; it cannot clean the worm remotely across a network.

To use the removal tool (SSClean.exe) on an infected PC, do the following:

1. Unzip the file SSClean.exe from Conficker_SSClean.zip into a familiar folder (e.g. My Documents) on an infected PC.
2. Disconnect the infected PC from the network.
3. Run SSClean.exe and click "OK" to begin scanning the system.
4. Reboot the PC when prompted by SSClean.
5. After rebooting run SSClean.exe for a second time.
6. Reboot the PC again as prompted by SSClean.

At this point the PC should be free of the Conficker/Downadup worm. If you continue to see signs of infection, please contact Sunbelt Support for assistance.

Note: You should run SSClean twice to ensure a full removal of the worm. If SSClean crashes while scanning the infected system, simply restart SSClean and scan again.

http://www.sunbeltsecurity.com/DownLoads.aspx
Microsoft Consumer Security MVP, July 2007-June 2010

"Fight your fights, find the grace in all the things that you can't change and help somebody, if you can." Van Zant

A Beacon of Light

Offline AbuIbrahim12

  • Security Expert
  • Bronze Member
  • Posts: 260
    • my website
Re: Conficker Judgement Day on April 1st
« Reply #6 on: April 01, 2009, 06:32:34 AM »
Has the Conficker virus turned out to be an anticipated April fool's day prank after all?

As the April fool's day eve has gone by, there aren't any reports of any malicious action having taken place. However, experts are saying that it may not be the time yet to lie back and relax....

http://www.techtree.com/India/News/April_1_is_Here_Wheres_Conficker/551-100668-582.html
http://www.efluxmedia.com/news_Confickerc_April_1_Activation_Goes_By_Quietly_36448.html

A lot has already been written about Conficker. There had been excellent analysis reports published by SRI, The Honeynet Project and others. Vinay Mahadik and I would like to present some findings on the network aspects of the Conficker.C behavior.

We set up a small testbed that had a machine infected with Conficker.C in a controlled environment, and another Linux box that was customized for packet mangling. This enabled us to intercept or mangle the packets exchanged between the infected machine and the outside world. We monitored the activity of the infected host over several days. We classify the test into two phases: the pre-April 1st phase and the April 1st phase.
....

Full article:  http://www.trustedsource.org/blog/216/ConfickerC-Over-The-Wire

« Last Edit: April 01, 2009, 06:39:07 AM by AbuIbrahim12 »
My Blog    Startups@Ease

"if everyone had to think outside the box, maybe it was the box that needed fixing."
-- Malcolm Gladwell on Mckinsey & Company

Offline AbuIbrahim12

  • Security Expert
  • Bronze Member
  • Posts: 260
    • my website
Re: Conficker Judgement Day on April 1st
« Reply #7 on: April 01, 2009, 06:43:20 AM »
Removal tools from other vendors:
Sophos:  http://www.sophos.com/support/knowledgebase/article/54457.html
Kaspersky:  http://support.kaspersky.com/faq/?qid=208279973
ESET:   http://www.eset.eu/encyclopaedia/conficker_aa_trojan_win32_agent_bbof_w32_downadup_b_w32_conficker_worm_gen_a
F-secure:   http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml
Symantec:   http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
Mcafee:   http://majorgeeks.com/McAfee_AVERT_Stinger_Conficker__d6157.html
Trendmicro:  https://securecloud.com/support/sysclean
Ahnlab:  http://global.ahnlab.com/global/file_removeal_down.jsp?filename=12371830475821&down_filename=v3conficker.zip
MSRT:   http://www.microsoft.com/security/malwareremove/default.mspx

More info:
http://isc.sans.org/diary.html?storyid=5860
My Blog    Startups@Ease

"if everyone had to think outside the box, maybe it was the box that needed fixing."
-- Malcolm Gladwell on Mckinsey & Company

Offline quietman7

  • Microsoft® MVP
  • Malware Removal Mentors
  • Silver Member
  • Posts: 1078
Re: Conficker Judgement Day on April 1st
« Reply #8 on: April 01, 2009, 11:14:45 AM »
There are reports of some spam "April Fools" hoaxes circulating, attempting to alarm users.
http://www.f-secure.com/weblog/archives/00001645.html
http://blog.trendmicro.com/strange-april-foolsd-day-prank/
Microsoft MVP - Consumer Security 2007-2013

Offline faith_michele

  • Anti - Phishing Staff
  • Gold Member
  • Posts: 1947
    • A Beacon of Light
Re: Conficker Judgement Day on April 1st
« Reply #9 on: April 08, 2009, 04:22:08 AM »
Interesting -

Conficker Fears spread fake AV products -

Gary Warner, 7 April 2009

http://garwarner.blogspot.com/2009/04/conficker-fears-spread-fake-av-products.html
Microsoft Consumer Security MVP, July 2007-June 2010

"Fight your fights, find the grace in all the things that you can't change and help somebody, if you can." Van Zant

A Beacon of Light