
Posts Tagged ‘conficker’

Happy 1st Birthday Conficker!

November 14th, 2009

Conficker is celebrating its first birthday!

Conficker is a Windows worm that targets flaws in the operating system to take over machines and link them into a virtual computer that can be commanded remotely by its authors. First detected in November 2008, it is also known as Downup, Downadup and Kido. It uses a combination of advanced malware techniques, which makes it difficult to counteract. It is believed to be the largest computer worm infection since SQL Slammer in 2003.

According to Shadowserver Foundation, a volunteer group of IT security professionals, there are at least seven (7) million IP addresses infected by the Conficker worm. They also stated that the Conficker worm is still hitting Brazil and China.

Conficker is rampant in countries where many people use bootleg copies of Microsoft Windows. Using them is not advisable because such copies have no built-in security features, which leaves the computers open to infection. So don’t ever buy or use bootleg software. If you are using a legitimate, licensed copy of Windows, always update it to get the latest security patches. Of course, always keep an antivirus program that is working and updating automatically.

How Can Techie Now Help?

These days, Conficker is still infecting many computers. It is now considered one of the biggest worm infections of all time. For now, computer owners must protect their PCs from security threats like Conficker. Contact Techie Now to help you with the PC protection that you need. Techie Now offers PC support services: virus and spyware removal, performance optimization, installation and configuration, and general repair. Techie Now cares about your PC needs.

www.TechieNow.com

Worms: The Most Dominant Security Problem

November 4th, 2009

According to the latest edition of Microsoft’s semi-annual Security Intelligence Report (SIR), the Conficker worm is still one of the most dominant threats to PCs running Windows. Five million computers were found to be infected with Conficker. It spreads by exploiting a vulnerability in the Microsoft Windows Server service, through infected removable media, or by brute-forcing weak passwords on other PCs. Microsoft was alarmed by Conficker’s continuous circulation, mainly in enterprises. Conficker’s password-cracking ability lets it spread fast once one PC in the company is infected.

Another worm is named Taterf. It took the second spot for the most infections, specifically 4.9 million. Taterf is known for stealing authentication and account information for popular online games like World of Warcraft, Lineage, Maple Story and more. It can be spread through infected drives such as a USB stick or an infected network drive.

Next in line is Zlob. It is a Trojan horse that spreads by making people believe that it is a media codec rather than a virus. A media codec is software used to encode and decode audio or video. Zlob can be removed using Microsoft’s Malicious Software Removal Tool (MSRT).

Microsoft mentioned the growing number of security problems, including fake antivirus programs. These programs seem to be legitimate software but do not actually work. They just annoy people with pop-up menus claiming that their computer is infected, and will only stop after the software is purchased for as much as $60. Microsoft has added new antivirus software such as Windows Defender and the MSRT to detect more worms and viruses.

Different countries encounter different threats. Trojan horse programs, known for downloading other malicious software, are the biggest threat in countries like the United States, the United Kingdom, France and Italy. In Brazil, malicious software intended for online banking is the problem. Worms are still dominant in South Korea and Spain.

How Can Techie Now Help?

Microsoft has proven that worms are the most dominant security problem for PCs. In the blink of an eye, Conficker, Taterf or Zlob can easily infect your computer. The right thing to do is to protect your PC right away with antivirus software. If you need help with antivirus software or virus removal, Techie Now is here to give the fast and safe services that you need. With Techie Now, we will keep your PC clean and protected.

Conficker convicted – case study

October 19th, 2009

A lot of people think that the Conficker worm is just another virus, but when Microsoft offered a bounty for information leading to the arrest of its creator… that’s when it became a popular worldwide scare.

Nobody was an exception to Conficker: consumers, businesses, even techies! As a matter of fact, it was reported that as of today there are people still being infected (http://ezinearticles.com/?Conficker-Continues-to-Infect-the-Internet&id=2361893). But how does it really work? Let’s take an actual scenario where a small business experienced a Conficker attack and see how TechieNow.com resolved it.

The Story

The business in this case study has 10 computers and 1 server. One unit, let’s say PC A, showed the following symptoms:

  1. cannot browse the internet
  2. the task manager shows multiple PCUserA.exe processes
  3. cannot access the server
  4. automatic updates service was turned off

These symptoms coincide with those listed on Microsoft’s Conficker worm support site, http://support.microsoft.com/kb/962007.

Several scans were performed but none seemed to work. Ultimately, PC A’s hard drive was wiped in the belief that this would get rid of the problem… but no can do: the infection came back even after a clean install.

It was a pretty weird experience. The problem was fixed when PC A was first disconnected from the network and then its hard drive was reformatted. Simultaneously, PC B, PC C and others were having the same dilemma.

The Solution

Researching the causes of such an attack led to heaps of information. Several antivirus companies offer detection tools, and Microsoft also released an update for Conficker removal. In the end, the following tools were used:

McAfee’s conficker detection tool http://www.mcafee.com/us/enterprise/confickertest.html
Microsoft’s advice from http://support.microsoft.com/kb/962007

The Prevention

To stop Conficker from spreading to all systems and to prevent future occurrences, a Group Policy Object was created with the following rules:

• Remove write permissions on the %windir%\Tasks folder
• Remove write permissions to the svchost registry subkey
• Disable Autoplay features
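
To confirm that the Group Policy Object actually reached a given machine, the three rules can be checked locally. The script below is an added example, not part of the original case study; the full Svchost registry path and the `NoDriveTypeAutoRun` policy value are the standard Windows locations and are assumptions here, since the post does not spell them out. It only reads settings and should be run from an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of the three hardening rules on the local machine.
# Assumed locations (not spelled out on the page): the Svchost subkey and the
# NoDriveTypeAutoRun policy value under the standard Windows registry paths.
$tasksDir       = Join-Path $env:windir 'Tasks'
$svchostKey     = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Bits 0x2 and 0x4 mean WriteData/AppendData on a folder and SetValue/CreateSubKey
# on a registry key; the two high bits are GENERIC_WRITE and GENERIC_ALL.
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-WriteAce {
    param([Parameter(Mandatory)][string]$Path)
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        $rights = if ($ace -is [System.Security.AccessControl.FileSystemAccessRule]) {
            [int]$ace.FileSystemRights
        } else {
            [int]$ace.RegistryRights
        }
        if ($rights -band $writeMask) {
            [pscustomobject]@{
                Target    = $Path
                Identity  = $ace.IdentityReference.Value
                Type      = $ace.AccessControlType   # Allow or Deny
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Rules 1 and 2: list every ACE that touches write access. A hardened target
# shows no Allow entries here, or Deny entries that override them.
$aces = @(Get-WriteAce -Path $tasksDir) + @(Get-WriteAce -Path $svchostKey)
$aces | Format-Table -AutoSize

# Rule 3: 0xFF in NoDriveTypeAutoRun turns Autoplay off for every drive type.
$autorun = (Get-ItemProperty -Path $explorerPolicy -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
[pscustomobject]@{
    AutoplayDisabledAllDrives = ($autorun -eq 0xFF)
    NoDriveTypeAutoRun        = $autorun
    AllowWriteAceCount        = @($aces | Where-Object { "$($_.Type)" -eq 'Allow' }).Count
}
```

The listing shows raw ACL entries rather than computed effective access, so Allow and Deny entries for the same identity need to be read together.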

Technical Information

Name: Conficker

Aliases: Win32/Conficker A, Mal/Conficker-A, Trojan.Win32.Agent.bccs, W32.Downadup.B, Trojan-Downloader.Win32.Agent.aqfw, W32/Conficker.worm, Trojan:Win32/Conficker!corrupt, W32.Downadup, WORM_DOWNAD, Confickr, as named by several security sites.

Type: Conficker is a worm that can infect other computers across a network by taking advantage of a vulnerability in svchost.exe. This can allow further infection when file sharing is enabled. In some cases, it propagates through removable drives and by exploiting weak passwords.

History: The first member of the family was discovered on November 21, 2008, and the payload trigger date was November 25, 2008 and later. On February 13, 2009, Microsoft offered a reward of $250,000 for information that leads to the arrest of the creators of the Conficker worm.

Prevention: To prevent virus attacks on your computers, make sure that the latest security updates are applied. Install a trusted antivirus program, turn it on and always keep it updated.

How can Techie Now Help?

We’re specialists in malware removal. Conficker is one of the trickiest to remove, but we’re confident we can help you. If you need support, come to our web page and select a service.