4/1/09 Computer Virus!!



mosi
03-31-2009, 08:15 AM
For those who have not read about it.

Conficker C - Legit Info

This is not something that was received by Email that I am passing along without knowing the person it came from or not checking it out myself.

I'm not a computer geek who generally knows about this stuff.

--------------------------------------------------------------------------------

I received, a week ago, info from the head of a network security department for a major corp, who my son swam with in college. He says that the Conficker C worm info is legit and causing a huge concern with the professionals. So believe it or not......here is what you are supposed to do.

He gave me the following info:

Make sure you have the following patch, you can get it at windows update. The patch was released in October 2008, so you may already have it, but check just to make sure. http://www.microsoft.com/technet/sec.../MS08-067.mspx

Also he sent this article from the NY Times to get an idea of what this thing is capable of:
http://bits.blogs.nytimes.com/2009/0...able-disaster/


If you still think it's BS.....do a google search. I hope it turns out to be nothing but it's better to be safe than sorry.

I had not seen anything posted on the site so I thought I would post it and let everyone make their own decision.






Yea....I know....I'm wonderfulllll ;)

:blush5:

mosi
03-31-2009, 08:19 AM
Looks like the links don't work...


...try this.... http://tech.yahoo.com/blogs/null/128643/beware-conficker-worm-come-april-1/


http://support.microsoft.com/kb/962007



Ms PatriYacht
03-31-2009, 08:28 AM
they talked about it on GMA today

cigdaze
03-31-2009, 08:41 AM
Yep, this one's for real. Be alert.

http://www.breitbart.com/article.php?id=CNG.ff260104c1cb55d0b1e107242ecb3c9d.531&show_article=1

clayinaustin
03-31-2009, 09:08 AM
Ha Ha! I'm scared to click on any links talking about April 1st :p

mosi
03-31-2009, 09:14 AM
Ha Ha! I'm scared to click on any links talking about April 1st :p


then don't click.....

..instead, Google search----> ( Conficker C )


if you have not heard of it........ Do the Google search!!!!

Might save you some problems tomorrow!!!


:lurk5:

TCEd
03-31-2009, 09:19 AM
60 minutes had a segment on this virus last Sunday. It's real.
ed

Perlmudder
03-31-2009, 10:45 AM
this might be a stupid question butttt here goes... so what does a hacker get from creating a virus or worm? do they just get to say they made it or does it make them money?

sellsman11
03-31-2009, 10:49 AM
this might be a stupid question butttt here goes... so what does a hacker get from creating a virus or worm? do they just get to say they made it or does it make them money?


Personal information = $$$$$$

ZBODaytona
03-31-2009, 11:46 AM
the news said this one will give the hacker all your personal info..plus all e-mail addresses, and anything else you might have stored on your computer that could be of use to them....


OR it is a big april 1st joke..but are you willing to take this chance

DonziGirl
03-31-2009, 12:00 PM
this might be a stupid question butttt here goes... so what does a hacker get from creating a virus or worm? do they just get to say they made it or does it make them money?

Sometimes absolutely nothing. They do it for the "fun" of seeing everyone being shut down

Sydwayz
03-31-2009, 12:33 PM
If you have Symantec or Norton Antivirus, you are covered.

Sea-Dated
03-31-2009, 02:39 PM
Just make sure your anti virus software is up to date and the virus definitions are current and you should be safe....

Sydwayz
03-31-2009, 03:38 PM
If you are really freaked out, here is a host of info from here at Symantec:

W32.Downadup.C FAQ

Q) Are AV signatures out in the field? If so, how many infections are we talking?
A) Yes, the signature is already in-field. Infection numbers are low, very low compared to previous variants of Downadup

Q) Apart from AV signatures how do I know if I’m infected?
A) Downadup prevents you from accessing many security websites. If there is a concern that a machine is infected, attempt to visit the Symantec.com website. If you are unable to, you may need to investigate further. If you are able to, you’re not infected.

Q) Do IPS (network) signatures exist for Downadup?
A) Yes, there are currently a number of signatures being used to detect the propagation of this threat.

MSRPC Server Service BO
MSRPC Server Service BO2
HTTP W32 Downadup Downloader Activity – Still Investigating

The first 2 signatures are meant to block the exploitation of BID 31874. Those are not specific to Downadup.
The 3rd signature is specific to Downadup

Q) Are there additional signatures in the pipeline?
A) Yes, there is another IPS signature being tested right now. If all goes well (no false positives or performance issues) that will be released in the coming days.

That signature will start sending us reviewable data within the next 24 hours. Once sufficient data is received, an update will be made. This signature will only be applicable to newer consumer products.

Q) Do we have a fixtool for this threat?
A) Yes, it can be found here -
http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

This tool was last updated today. It successfully detects and remediates all known infections of Downadup.

Q) Downadup infections block access to Symantec sites. How can someone get to the tool if they are infected?
A) Good question. We are working with others within the industry to address this common problem. More on this when we have an update.

Note - All Symantec fixtools are digitally signed. If someone unofficially stores a tool for personal sharing make sure you ask the person downloading it to verify the digital signature before using.

Q) Is the Symantec ThreatCon going to change because of Downadup?
A) At present we haven't reached our threshold for moving ThreatCon to a higher level. Most of what we're dealing with presently are queries about the threat, and not real infections. If this changes, we will take appropriate action.

• Corporate external landing page
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009033012483648

• Consumer external landing page
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm

• Downadup.C Threat Write-Up
http://www.symantec.com/security_response/writeup.jsp?docid=2009-030614-5852-99


Q) Anything else I should know?
A) No need to panic. We don't expect anything drastic to happen to the computing world on April 1st 2009. Symantec Security Response is closely monitoring all activity related to Downadup. It is also working with various people in the industry to reduce the impact of unpatched infected machines. We are constantly working to improve our AV and IPS signatures to protect our customers.

________________________________________
3-31-09

Mar-30

As we approach April 1st this threat continues to get additional media coverage, including a report on 60 Minutes with Steve Trilling. To help with this, we have included some additional useful articles:

Deepsight Write-up for W32.Downadup.C (requires login)
https://tms.symantec.com/loaddocument.aspx?fileguid=E5867F5088DE41B9B198D9DAA0D53BC1
Summary: On March 6, 2009, Symantec became aware of a new variant of Downadup. Called W32.Downadup.C, this variant presented substantial code changes to the malware. This analysis document gives a technical description of the malware's capabilities and compares them to its predecessor, W32.Downadup.B.

The Downadup Codex
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_downadup_codex_ed1.pdf
Summary: Since its emergence in November 2008, we have published 14 blog entries covering the various aspects of the threat—by far the most entries covering a single topic since we started this blog in 2006. With entire entries dedicated to topics from cryptographic protection to Universal Plug and Play, these entries cover the threat quite well. But 14 entries in-and-of-themselves is a lot of material to dig through in blog format.
To address this issue, we have compiled the entries into one location—what we’re calling The Downadup Codex. We’ve even included a new, as-yet unpublished article discussing the threat’s AutoPlay propagation techniques. The paper as a whole is organized in such a way as to provide a historical context to the threat’s emergence, spread, and current state.

Additional Blog Entries released after Codex
Downadup-Related Search Indexes Poisoned with Fake AV Sites
https://forums2.symantec.com/t5/Malicious-Code/Downadup-Related-Search-Indexes-Poisoned-with-Fake-AV-Sites/ba-p/393353

Downadup Motivations
https://forums2.symantec.com/t5/Malicious-Code/Downadup-Motivations/ba-p/393335

W32.Downadup.C Bolsters P2P
https://forums2.symantec.com/t5/Malicious-Code/W32-Downadup-C-Bolsters-P2P/ba-p/393331

________________________________________
3-30-09
Mar-25
Yesterday CNN published an article regarding this threat and we have fielded quite a few questions regarding the renewed interest that this has generated.

Key points:
• Symantec has had detection since March 6th, and has improved detection several times since then.
• Symantec Security Response has seen very low numbers of submissions and infections in the wild.
• Symantec is part of several groups watching this and other threats that might have a global presence.
• At this time there is no evidence to show that this threat poses any major threat to Symantec customers on April 1st.

Additional reading:
Downadup.C Threat Write-Up
http://www.symantec.com/security_response/writeup.jsp?docid=2009-030614-5852-99

W32.Downadup.C Digs in Deeper
https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/249

A New Downadup Variant?
https://forums2.symantec.com/t5/Malicious-Code/A-New-Downadup-Variant/ba-p/391186

CNN - No joke in April Fool's Day computer worm
http://www.cnn.com/2009/TECH/03/24/conficker.computer.worm/index.html
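The three practical points in this thread, the MS08-067 patch check from the first post and the Symantec FAQ's advice on testing access to security sites and on verifying a fixtool's digital signature before running it, can be turned into one repeatable triage script. The script below is an added example, not code from the thread or from Symantec. It assumes that KB958644 is the KB number behind the MS08-067 bulletin, a site list and control site chosen here, a hypothetical download path for the fixtool, and "Symantec" as the expected signer name; adjust those to what you actually downloaded. The site check is only a heuristic (a worm that blocks security sites is a warning sign, but reachability does not prove a clean machine), so an up-to-date AV scan remains the real test.

```powershell
# Added example (not from the thread or from Symantec): a defender's triage
# script for the advice given in this thread.
#   1. Is the MS08-067 fix present?  KB958644 is the KB number of that bulletin
#      (assumed here; the thread cites MS08-067 by bulletin id only).
#   2. Can this host reach security-vendor sites?  The FAQ says Downadup blocks
#      them, so failures beside a working control site are a warning sign.
#   3. Does a downloaded fixtool carry a valid Authenticode signature from the
#      expected publisher, as the FAQ note recommends checking?
# Run from an elevated PowerShell prompt on the Windows host being checked.
# Written against PowerShell 2.0-era cmdlets so it suits machines of that age.

param(
    # Hypothetical path to the downloaded fixtool; point it at your download.
    [string]$FixToolPath = "$env:USERPROFILE\Downloads\FixDownadup.exe",
    # Expected signer name fragment; an assumption, compare with the real cert.
    [string]$ExpectedPublisher = 'Symantec'
)

function New-CheckResult {
    param([string]$Check, [string]$Status, [string]$Detail)
    New-Object PSObject -Property @{ Check = $Check; Status = $Status; Detail = $Detail }
}

function Test-Ms08067Patch {
    # Get-HotFix lists installed updates; a missing KB means the Server service
    # flaw the worm spreads through is still open. Only meaningful on the
    # Windows versions the bulletin covered.
    $hotfix = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    if ($hotfix) {
        New-CheckResult 'MS08-067 (KB958644)' 'OK' "installed $($hotfix.InstalledOn)"
    } else {
        New-CheckResult 'MS08-067 (KB958644)' 'WARN' 'not found: install it from Windows Update'
    }
}

function Test-SecuritySiteAccess {
    # Sites chosen here for the check; symantec.com is the one the FAQ names.
    $securitySites = @('www.symantec.com', 'www.microsoft.com')
    $controlSite   = 'www.example.com'   # unrelated to security; a baseline
    $reachable = @{}
    foreach ($site in ($securitySites + $controlSite)) {
        try {
            # Both name resolution and an HTTP fetch must succeed.
            $null = [System.Net.Dns]::GetHostAddresses($site)
            $null = (New-Object System.Net.WebClient).DownloadString("http://$site/")
            $reachable[$site] = $true
        } catch {
            $reachable[$site] = $false
        }
    }
    $blocked = @($securitySites | Where-Object { -not $reachable[$_] })
    if (-not $reachable[$controlSite]) {
        New-CheckResult 'Security site access' 'SKIP' 'control site unreachable: network problem, result inconclusive'
    } elseif ($blocked.Count -gt 0) {
        New-CheckResult 'Security site access' 'WARN' ('blocked: ' + ($blocked -join ', ') + '; matches Downadup behaviour, run a full scan')
    } else {
        New-CheckResult 'Security site access' 'OK' 'all security sites reachable (heuristic only)'
    }
}

function Test-FixToolSignature {
    param([string]$Path, [string]$Publisher)
    if (-not (Test-Path $Path)) {
        return New-CheckResult 'Fixtool signature' 'SKIP' "no file at $Path"
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    # 'Valid' only says the certificate chain verifies; a valid signature from
    # the wrong publisher proves nothing, so the signer name is checked too.
    if ($sig.Status -eq 'Valid' -and $subject -match $Publisher) {
        New-CheckResult 'Fixtool signature' 'OK' "valid, signed by $subject"
    } else {
        New-CheckResult 'Fixtool signature' 'WARN' "status $($sig.Status); signer $subject; do not run it"
    }
}

$report = @(
    Test-Ms08067Patch
    Test-SecuritySiteAccess
    (Test-FixToolSignature -Path $FixToolPath -Publisher $ExpectedPublisher)
)
$report | Format-Table Check, Status, Detail -AutoSize
```

A WARN on the site check with a working control site is the pattern the FAQ describes and is worth a scan from a known-clean boot medium, since a machine that cannot reach its AV vendor cannot update its definitions either. A fixtool whose signature status is anything other than Valid, or whose signer is not the expected publisher, should be deleted and re-downloaded from the vendor's own site.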

Sydwayz
03-31-2009, 03:40 PM
The Downadup Codex
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_downadup_codex_ed1.pdf
Summary: Since its emergence in November 2008, we have published 14 blog entries covering the various aspects of the threat—by far the most entries covering a single topic since we started this blog in 2006. With entire entries dedicated to topics from cryptographic protection to Universal Plug and Play, these entries cover the threat quite well. But 14 entries in-and-of-themselves is a lot of material to dig through in blog format.
To address this issue, we have compiled the entries into one location—what we’re calling The Downadup Codex. We’ve even included a new, as-yet unpublished article discussing the threat’s AutoPlay propagation techniques. The paper as a whole is organized in such a way as to provide a historical context to the threat’s emergence, spread, and current state.

Additional Blog Entries released after Codex
Downadup-Related Search Indexes Poisoned with Fake AV Sites
https://forums2.symantec.com/t5/Malicious-Code/Downadup-Related-Search-Indexes-Poisoned-with-Fake-AV-Sites/ba-p/393353

Downadup Motivations
https://forums2.symantec.com/t5/Malicious-Code/Downadup-Motivations/ba-p/393335

W32.Downadup.C Bolsters P2P
https://forums2.symantec.com/t5/Malicious-Code/W32-Downadup-C-Bolsters-P2P/ba-p/393331

________________________________________
3-30-09
Mar-25
Yesterday CNN published an article regarding this threat and we have fielded quite a few questions regarding the renewed interest that this has generated.

Key points:
• Symantec has had detection since March 6th, and has improved detection several times since then.
• Symantec Security Response has seen very low numbers of submissions and infections in the wild.
• Symantec is part of several groups watching this and other threats that might have a global presence.
• At this time there is no evidence to show that this threat poses any major threat to Symantec customers on April 1st.

Please let us know if there are additional questions we can answer.

Additional reading:
Downadup.C Threat Write-Up
http://www.symantec.com/security_response/writeup.jsp?docid=2009-030614-5852-99

W32.Downadup.C Digs in Deeper
https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/249

A New Downadup Variant?
https://forums2.symantec.com/t5/Malicious-Code/A-New-Downadup-Variant/ba-p/391186

CNN - No joke in April Fool's Day computer worm
http://www.cnn.com/2009/TECH/03/24/conficker.computer.worm/index.html

Sunsation96
03-31-2009, 03:42 PM
And I thought this was a joke

mosi
03-31-2009, 03:53 PM
Would I ever JOKE??????

Ms PatriYacht
03-31-2009, 08:31 PM
this might be a dumb question, if I erase my cookies and delete the bank favorite that's saved is that stuff still able to be gotten if there was a worm on the computer?

Sydwayz
04-01-2009, 09:32 AM
this might be a dumb question, if I erase my cookies and delete the bank favorite that's saved is that stuff still able to be gotten if there was a worm on the computer?

Depends on your browser. Make sure you exercise all of the "clearing private info" in either Internet Explorer and/or Mozilla Firefox. Once you do that, you ought to be in safe shape. Most malicious worms are designed to work quick and fast and widespread; and not slow and deep and focused.