Archive for the Category ◊ conflicker ◊

Virus News – Macs are not Immune, Conficker Update
Tuesday, April 28th, 2009 | Author:

Macs not as safe as some like to think

Symantec researchers believe they have found evidence of a virus that is specific to the Macintosh computers. Some experts are not sure of the actual threat to Mac Users. The interesting thing is that Mac users have always bragged about how safe their Macs are compared to PCs. You have probably even seen the commercials that try to pound PCs into the ground.

The virus (just like many viruses on the PC side of things) is downloaded along with a pirated or illegal copy of legitimate software. The type of virus is called a botnet, which gets on the computer, and can get out onto the internet, and cause a distributed denial of service (DDos) attack.

The way this attack works is a bunch of computers keep going to a website or sites, over and over. With thousands of computers doing this, it blocks anyone from getting to that site.

Many Mac experts are downplaying this and saying the media attention is not necessary. Many are also saying the Mac is still safe, and security software is not needed. Good luck with that!

Conficker – We are not out of the woods yet

Reports are that the Conficker virus is infecting more computers, and could possibly do more on May 1st. I wrote about this in an entry in March. April 1st has come and gone, and most people think it was just a scare. This particular worm is more of a long-term, slow acting virus. There are three parts to this virus, and the one that has my attention is the last one which has to do with your computer and not stuff it will do to others on the Internet.

Here is a quote from Fox News online, ” Conficker also carries a third virus that warns users their PCs are infected and offers them a fake anti-virus program, Spyware Protect 2009 for $49.95, according to Russian-based security researcher Kaspersky Lab. If they buy it, their credit card information is stolen and the virus downloads even more malicious software.”

Interestingly, I have seen very similar malware on many machines this month. I cannot say it was this virus, but it is interesting that the malware I have been cleaning was similar, and most of the customers had valid, up to date virus protection. They could have been “drive by” type viruses, but there is also a chance the malware was hidden in the Conficker virus. Once these machines are cleaned up, it is really hard to tell, because all traces are gone.

Check out the link to see if you have the conficker virus on your system if you have not already.

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

You can safely click on the link below, to test and see if you have the conficker worm on your computer. A working group has been assembled in to collaborate efforts with technology industry leaders and academia to implement a coordinated, global approach to combating the Conficker worm.

How does this work?

This works by trying to load several pictures from Security Websites. If the top pictures do not load, you may have the virus. That is one of the traits of the conficker, is that it will block you from going to these type of sites. The bottom 3 pictures are from non-security sites, so they should always load.

If you only see some of the pictures, check below the chart for an explantion. Also try hitting F5 to refresh your broswer to see if they load, as you know the browser sometimes does not get all the pictures when you go to a site the first time.

If you get all 6 pictures on the Eye Chart, you are good!

Run the Test!

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

You can also check out the approximate map of infected computers throughout the world!

http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionDistribution

Several Internet security firms have confirmed that the “conficker” worm is set to go off in possibly millions of computers on April 1st. This virus has been around for a few months and is picking up steam. Many times viruses like this can lay dormant in your computer and pop up on a set date. The Aprils fool day has always been popular amongst virus makers.

There are a lot of theories and suggestions of what it could do. The main thing this virus does is allows many computers to attack or “flood” the internet all at the same time, causing what is called denial of service attacks.

Basically it would be like everyone getting in their car and driving down to main street, and trying to drive. Too many cars, not enough road. This is the same concept. The main difference is, you would know if you were driving downtown, in fact more like someone stole your car to drive down there. Your computer just sits there, and you might not even know it is involved in causing the problem!

Here are a couple of things to make sure you do before April 1st:

Check your antivirus program and make sure it is up to date and working. It should be down in your system tray near your clock. Double click on it, ( all the top programs Trend Micro, Norton, McAfee, F-Secure) show you that everything is working or lets you know if there are problems. Most of them have a FIX it button, just click on that if it shows problems.

Second, run a full scan. Many of the programs run a quick scan. On Trend for example, if you open it up and see the scan button, just to the right is an arrow. Click on the down arrow, and choose FULL SCAN. Run that baby and delete any bad stuff it finds.

Lastly Make sure your Windows Security Updates are up to date! You can click here to check Microsoft Updates

If you do not have the worm, there is nothing to worry about. But it is better safe than sorry when it comes to viruses on computers. The biggest threat is to people who are not protected with Internet Security Software, theirs is not working or it is expired.

Here are a couple articles explaining more about the virus.

Microsoft

Fox News