Conficker C: Update April 1st
Update May: Click here for Free Conficker Removal Tool for PC's and Networks
Update: Conficker has started it's routine, it has activated although nothing has happened as of yet.
More details from F-secure here
Conficker C will have little or no impact on the majority of users who have installed Microsoft patches and updated their security software.
Those most at risk are the ones who have not updated!
Computer experts around the world are still trying to determine whether infected computers will join together to form a botnet, which is a network of computers acting as one, on April 1 and be used to spam high profile websites.
That process itself could cause problems for the targeted site by making it impossible to access.
Millions of computers have been infected by the Conficker worm, including close to 1,000 computers within the network that serves England's House of Commons.
Only compromised machines still linked in to the Conficker botnet will be affected by anything the worm is instructed to do.
It is already known that this worm can stop access to security providers, shut down security services installed, remove Restore Points and much more.
Conficker does have a weakness that can be used to distinguish between patched computers and infected computers that look patched, and researchers have released a 'proof of concept' scanner that can be used to detect Conficker.
The tool is being integrated into the free nMap vulnerability scanner, as well as scanning tools from companies including Qualys, nCircle, and Tenable.
The tools are designed for use by network administrators at companies and not consumer users although consumer tools are being constantly updated.
Current quotes are that 54% of infected computers are in China, Russia, India, Brazil, and Argentina, but that also means that 46% are elsewhere.
None of us know just what commands are going to be sent to the 'bots', but it will not just be April 1st, it is expected to continue for a few weeks after that with April 1st being the start, and for some that time is coming pretty quick.
If users notice that their computers automatic updates are suddenly disabled, or security related websites are failing to load properly, that could be a sign that the Conficker worm is in their computer, try going here to F-Secure.
Install Microsoft security update MS08-067, the patch must be applied before attempting to clean systems and run Microsofts worm-removal software, type mrt into the Run command box.
Keep away from known dangerous sites, use the Web of Trust addon to help recognise them and be extremely cautious of 'conficker removal' sites
Further details of Conficker C can be found here.
F-secure update April 1, Conficker in South Korea
Further advisory material including details of detecting and containing Conficker can be found here
Update May 2009: Many new malware variants block access to security sites or block security programs from running and / or updating.
This in turn makes users believe that they may have the Conficker worm, they don't.
Click here: Rename EXE Files and clean Hosts to repair
Related articles:
Conficker C: Update April 2, April 3
Conficker C: D-Day is Coming
Conficker / Downadup Removal
Surf Safer, Surf with WOT - Click Here or the links below
Web of Trust for Internet Explorer
Web of Trust for Firefox
Web of Trust for Google Chrome
Free PC Security, Conficker C, Unpatched Windows Systems, nmap, Security Sites, Windows Patch, Vulnerability
