SAN FRANCISCO (AP) — The fast-moving Conficker computer worm, a scourge of the Internet that has infected at least 3 million PCs, is set to spring to life in a new way on Wednesday — April Fools' Day.

That's when many of the poisoned machines will get more aggressive about "phoning home" to the worm's creators over the Internet. When that happens, the bad guys behind the worm will be able to trigger the program to send spam, spread more infections, clog networks with traffic, or try and bring down Web sites.

Technically, this could cause havoc, from massive network outages to the creation of a cyberweapon of mass destruction that attacks government computers. But researchers who have been tracking Conficker say the date will probably come and go quietly.

More likely, these researchers say, the programming change that goes into effect April 1 is partly symbolic — an April Fools' Day tweaking of Conficker's pursuers, who for now have been able to prevent the worm from doing significant damage.

"I don't think there will be a cataclysmic network event," said Richard Wang, manager of the U.S. research division of security firm Sophos PLC. "It doesn't make sense for the guys behind Conficker to cause a major network problem, because if they're breaking parts of the Internet they can't make any money."

Previous Internet threats were designed to cause haphazard destruction. In 2003 a worm known as Slammer saturated the Internet's data pipelines with so much traffic it crippled corporate and government systems, including ATM networks and 911 centers.

Far more often now, Internet threats are designed to ring up profits. Control of infected PCs is valuable on the black market, since the machines can be rented out, from one group of bad guys to another, and act as a kind of illicit supercomputer, sending spam, scanning Web sites for security holes, or participating in network attacks.

The army of Conficker-infected machines, known as a "botnet," could be one of the greatest cybercrime tools ever assembled. Conficker's authors just need to figure out a way to reliably communicate with it.

Infected PCs need commands to come alive. They get those commands by connecting to Web sites controlled by the bad guys. Even legitimate sites can be co-opted for this purpose, if hackers break in and use the sites' servers to send out malicious commands.

Posted by Nancy Pursley in Virus & AntiVirus News at 14:22

Why watch out for the Honda Accords? Well, automobile accidents are one of the leading causes of injury and death and Accords are very common cars. This sounds pretty silly, doesn’t it? I mean, wouldn’t it make sense to drive like any car is a potential threat and drive as best as you can to avoid accidents with all cars? Of course it makes sense. Do you eat or take vitamins only to avoid scurvy, or do you not worry about scurvy because you are taking the steps to prevent all kinds of diseases through proper nutrition?

There is a lot of talk about the Conficker worm. A worm that “triggers” on April 1st, except it doesn’t really do too much that is special or of importance to most users on April 1st. Highly irrational thinking, concerning the Conficker worm is rampant. People see the hype and start to focus on “How do I know if I have Conficker and how do I prevent it?” when the rational approach is how do I make sure I am not infected with anything and how do I make sure I don’t get infected? There are far worse problems out there than Conficker and if you only focus on Conficker then you are diverting attention away from truly being secure. Do you cross the street despite the fact that 1,000 cars that are not Honda Accords are going through the intersection and each can kill or maim you, or do you wait until it is safe, regardless of the make and model of the cars?

OK, for those of you who are taking hype intravenously and no amount of rational thought will bring you comfort, go to control panel and open the Windows Security Center. If it is working you are not infected with Conficker.C. If the Security Center is not working then you may be infected with any of a number of different threats, many may be worse than Conficker. If you are an Eset's customer, then call us for free tech support. If you are a customer of another vendor call them for tech support.

April 1st your computer is not going to melt down due to Conficker. The only thing that Conficker is going to do on April 1st is re-route communications links between Italy and France causing worldwide pizza orders to be delivered with snails instead of pepperoni. OK, if I said that on April 1st you would have known it is a joke.

Yeah, Conficker is a serious problem, but not for home and corporate users who employ best practices already. The real problem is for the security professionals trying to prevent the worm from impacting the millions of people who fail to learn anything about security.

So, you still want to protect against Conficker? Here is what to do. Make sure that the Windows Security center is functioning and you are up to date on your Microsoft security patches. You can go to http://update.microsoft.com to manually check for updates. Make sure you’re antivirus product is up to date. Your antivirus product should be tested by Virus Bulletin (www.virusbtn.com) and/or certified by ICSA Labs, or have West Coast Labs Checkmark certification. Send me an email at askeset@eset.com if you need help determining this. Exercise caution in what websites you visit and never open attachments unless you have verified that you know the person who sent them and that they really meant to send the attachment and that they also know what it is. These instructions are not specifically for Conficker, this is simply part of how you protect against all of the threats out there.

It doesn’t much matter what I drive…if I don’t know how to drive safely, no car out there is as big a threat to me as I am to myself.

Get over the hype and practice security, not irrational fear.

Our Thoughts: Get protected!

Original Article

Posted by Nancy Pursley in Virus & AntiVirus News at 09:33