Conficker C: Update 3 – April 3rd

This post was written by admin on April 1, 2009
Posted Under: Conficker, Free PC Security, Free Tools

Update May: Click here for Free Conficker Removal Tool for PC's and Networks

Update April 3:
World map of Conficker infected machines

Further maps can be found at Conficker Working Group

Security sites are blocked by Conficker so you won't be able to connect to them for removal tools.

At present there are TWO that you can connect to:
Click here for fsecure
Click here for BitDefender

Update April 2:
If you think you may be infected with Conficker click here for a visual check.

If you are infected there is a full list of third party removal tools provided by The Internet Storm Center/DSHIELD

Then apply the Microsoft Patch through WindowsUpdate

Update April 1:
Computer security experts all around the world watched the arrival of Conficker C as it started to modify itself to make it more difficult to stop as it delved deeper into infected computers with the arrival of the April 1st trigger date.

As was expected the worm started in the East and moved toward the West passing through each time zone which triggered the activation.

Threat experts have said that the internet will not be going into meltdown but are no wiser as to what instructions it will receive over the coming weeks from the creators of this mass infestation.

It is known that it was programmed to modify its behaviour on April 1st making detection harder, working on time from either GMT or local time zones.

In Asia and Europe it was being tracked by security experts as the date changed to April 1st, and this was no April Fool's Day joke either as it had been programmed to reach out to around 50,000 websites to download new commands.

Estimated figures are that around 2 million computers are infected, but there is no concrete evidence to give accurate figures.

No direct commands have been issued to the mass of 'bots' by its masters so it is a waiting game at the moment as the criminals behind this can send specific commands to activate the 'bot network' at any time and this could go on for several days or weeks.

There are no clues as to what the purpose of Conficker is, and the scary part is that those behind it can control so many computers with a simple mouse click to do whatever it is they have in mind.

April 1st seems to have passed with no real activity apart from the worm receiving commands to modify itself.

Conficker is self-replicating and takes advantage of networks or computers that have not been kept updated with security patches.

All users should ensure that as patches are released and security programs updated that they update as soon as possible to thwart any attempt at compromising their computers.

Networked computers are the biggest at risk, but also home users who use usb devices and transfer data from networked machines to single machines at home, so the transfer from one to another goes unnoticed.

If you can connect to security websites as shown in the first link at the top of the page, then you are NOT infected as Conficker blocks security sites.

Do NOT click unknown links in emails or download unknown attachments, they are being used to aid the spread of Conficker.

Criminal gangs will set up sites that promise to remove Conficker and they are expected to be loaded with malware or fake software which could lead to Identity Theft as payment will be via credit card, a method favored by the criminal gangs behind many of the fake antivirus scanners.

When there are tools available only use well known and established sites, and be very wary as there are many sites that look genuine but are not.

Only genuine sites will be included here after investigation to verify authenticity.

Update May 2009: Many new malware variants block access to security sites or block security programs from running and / or updating.

This in turn makes users believe that they may have the Conficker worm, they don't. Click here: Rename EXE Files and clean Hosts to repair