Monthly Archives: March 2009

Well, according to http://www.timeanddate.com/worldclock/ and http://www.worldtimezone.com/, it is past midnight in places like China and further along in other areas. We should be seeing any impact of Conficker pretty soon. Stay tuned.

While the recent media attention may be warranted, it is all based on guesses. The fact of the matter is that, other than the authors, no one knows what the payload will be. It "can" be a lot of things. By some reports, the infection rate is already much larger than that of SQL Slammer. Others believe this will be a massive spam and malware serving campaign. Either way, those responsible for INFOSEC (Information Security) are doing the prudent things, such as preparing for defense and recovery.

If you haven’t seen any of the media frenzy on this, you can see the 60 Minutes story on their web site or you can read the Microsoft articles here:
http://www.microsoft.com/security/portal/Entry.aspx?name=Win32%2fConficker and
http://technet.microsoft.com/en-us/security/dd452420.aspx.

I caution against web searches (like Google) on the subject, as malware sites (not anti-malware sites) are already poisoning the search streams with fake Anti-Virus software.

Now is the time to do the FULL SCAN and Microsoft updates that you have been putting off.

At a bare minimum, I’d expect that numerous domain names will be registered for serving malware and updating Conficker/Downadup to increase the infection network.

We’ve all seen the fake Anti-Virus attacks that have been populating various web sites. In a post on their blog, Trend Micro has reported some details that have been discovered in the most recent variant of the malware. These are bad enough, but the newest holds a twist from a previous form of malware. It encrypts files on your PC and holds them for ransom. The targets are everything in the user’s MY DOCUMENTS folder. The ransom fee is $50 (for a paid version of a program that "fixes" the corrupted files). As the suspicious may have expected, the fake AV program was the culprit.

Watch for more of this as research continues on some of these fake anti-virus attacks.