Topic: Conficker to activate on 1 April

[Clive]

Prepare for a nasty shock on April Fool's day, security experts have warned.

That's because the Conficker worm, otherwise known as Downadup, is set to activate on 1 April.

A variant of the worm known as Conficker C is the focus of security experts' attention and is thought to have infected millions of PCs worldwide without the knowledge of their owners.

What is not clear is what exactly will happen.

Predictions range from a massive DDoS (distributed denial-of-service) attack on a major website or social network to a widespread wiping of hard disks on the PCs it has infected.

However, it could be far less serious.

"Speculation continues on whether the payload will be one big April Fool's joke, or the equivalent of a cyber Pearl Harbor," said Symantec's Eric Chien.

"While we can't predict the future with certainty, we can look at the motivations of past Downadup variants to postulate that the payload will likely be something between the two extremes," Chien continued.

According to Symantec, the amount of media attention Conficker C is receiving could affect what happens on 1 April.

"Considering the amount of eyes now watching Downadup's every move, we also can't underestimate the chance that the authors may veer from their original motives," Chien said.

If you suspect you have been infected by the Conficker worm, you should make sure your anti-virus application is up to date, restart your PC in Safe Mode, and run a full system scan.

Trend Micro has also come up with a free tool to remove Conficker available to anyone, not just Trend Micro customers.

[Simon]

It would probably be worth running Trend's tool at least daily for the time being.

[Simon]

I couldn't actually find the Trend Micro tool, but F-Secure have one:

http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml

[TR]

Or this This one 

[Simon]

Thanks Terry, that looks handy too. 

[Clive]

Conficker sparks into life

The Conficker worm has come to life after several days of inactivity, security experts have said.

It is downloading a mysterious data package that could contain instructions for a widespread attack on the web by Conficker, also known as Downadup.

Trend Micro spotted the data package after setting up a 'honeypot' - a PC that has a variant of the worm installed but is closely monitored by its researchers.

"Last night we saw a new file in the Windows Temp folder. Checking on the file properties reveals that the file was created exactly on 7 April, 2009 at 07:41:21," said Trend Micro's Ivan Macalintal.

Though it isn't clear what exactly the data package does, as it is encrypted, the company said it was able to work out a few things about it.

"It also does not leave a trace of itself in the host machine. It runs and deletes all traces, no files, no registries," Macalintal said.

There is also a theory developing that it could be related to the Waledac botnet.

[sam]

Researchers say Conficker is all about the money

The Conficker worm that has infected millions of Windows-based computers will likely be used to send spam and steal data much like one of the nastiest botnets on the Internet does, researchers said on Thursday after finding links between the two worms.

http://news.cnet.com/8301-1009_3-10216205-83.html

[Simon]

I've done several test and all come up clear.  To be honest, this is only going to affect those who have weak security and haven't done their Windows Updates since last October, isn't it?

[sam]

I would have thought so....

[Simon]

So, no one here then. 

[GillE]

Another Millennium Bug?  Let's hope so.

[sam]

no it won't affect the date just act like malware.



Actually on the date issue there is a much worse problem than the Y2K problem - Year 2038 problem

The year 2038 problem (also known as Unix Millennium bug, or Y2K38 by analogy to the Y2K problem, known as the millennium bug) may cause some computer software to fail before or in the year 2038. The problem affects all software and systems that store system time as a signed 32-bit integer, and interpret this number as the number of seconds since 00:00:00 January 1, 1970.[1] The latest time that can be represented this way is 03:14:07 UTC on Tuesday, 19 January 2038. Times beyond this moment will "wrap around" and be stored internally as a negative number, which these systems will interpret as a date in 1901 rather than 2038. This will likely cause problems for users of these systems due to erroneous calculations.

http://en.wikipedia.org/wiki/Year_2038_problem

[Rik]

I'll be 90 then, Sam, so I'll not worry too much.

[sam]

yeah but how will you be able to play your vintage mp3s? 

[Simon]