Computer Worm For April 1st

[CatherineM]

Th[i][/i]ey sa[i][/i]id o[i][/i]n th[i][/i]e ne[i][/i]ws toni[i][/i]ght th[i][/i]at th[i][/i]e o[i][/i]nly comput[i][/i]ers w[i][/i]ho we[i][/i]re aff[i][/i]ected we[i][/i]re th[i][/i]e o[i][/i]nes ru[i][/i]nning pira[i][/i]ted co[i][/i]pies o[i][/i]f Wind[i][/i]ows. Wo[i][/i]nder i[i][/i]f th[i][/i]a[i][/i]t ha[i][/i]s a[i][/i]nyt[i][/i]hing t[i][/i]o d[i][/i]o wi[i][/i]th B[i][/i]ill Gat[i][/i]es off[i][/i]ering a rewa[i][/i]rd fo[i][/i]r, t[i][/i]h[i][/i]e fir[i][/i]st tim[i][/i]e. May[i][/i]be th[i][/i]ey kn[i][/i]ew, an[i][/i]d did[i][/i]n't w[i][/i]ant peo[i][/i]ple pointi[i][/i]ng fing[i][/i]ers a[i][/i]t th[i][/i]em.

[eagle_eye222001]

[url="http://www.pcmag.com/article2/0,2817,2344342,00.asp"]http://www.pcmag.com/article2/0,2817,2344342,00.asp[/url]

[i] OpenDNS: 'Conficker' Barely Scratched U.S.

04.02.09
discuss Total posts: 1

by Neil J. Rubenking
The Conficker worm appears to have been quiet, both in activity and in the number of PCs it affected within the United States.

Why? The Conficker worm is tightly involved with the Domain Name System (DNS), the technology that resolves human-friendly domain names like pcmag.com into the IP addresses needed for actual Internet communication. Conficker subverts DNS so infected systems can't reach web sites that might help them remove the worm. And every day it tries to contact 500 seemingly-random domains seeking updates and new orders.

OpenDNS, a free service that handles all DNS lookups for its customers, is uniquely well situated to gather information about this worm.

David Ulevitch, CTO of OpenDNS, explained that the worm's daily roster of domains to check isn't truly random. It's actually generated by an algorithm that researchers at Kaspersky Labs have cracked, so they can precisely replicate each day's list of URLs. Perfectly valid URLs come up in the mix quite frequently. For example, Ulevitch revealed that the list for today, April 2, includes www.gmit.ie, the Galway Mayo Institute of Technology in Ireland. And on April 14 CNET's British wing , www.cnet.co.uk, will hit the list. OpenDNS and Kaspersky are sharing information with other security vendors so they can block Conficker's traffic without affecting valid sites.

OpenDNS can easily detect a Conficker infection by the traffic it generates. They've pulled together some interesting statistics from its user base, which is well over 10 million clients.

Around five percent of all OpenDNS users evidenced infection by the Conficker worm. Despite the fact that roughly half of OpenDNS's users are in the United States, the vast majority of infections came from elsewhere. Under 5 percent of infected systems came from the U.S.; it's not even in the top five of countries affected by the worm, which are: Vietnam (13 percent), Brazil (12 percent), Philippines (11 percent), Indonesia (10 percent) and Algeria (7 percent).

Ulevitch observed that the worm is extremely time-sensitive and extremely accurate. "It doesn't matter how screwed up your system clock is," he said. "The worm gets its time from a trusted host. Five PM Pacific time on the 31st is the start of April 1st in UTC, and right on the second we saw increased traffic."

The fact that April 1st has passed doesn't really make a difference. According to Ulevitch OpenDNS is seeing over 300 connection attempts per second by infected systems right now. Sometime today OpenDNS users will find a new component on their OpenDNS Dashboard, one that will quickly reveal whether or not they've got a Conficker infection. Consumers can also use several easy tests to determine if they've been infected.

"We have it under control until it evolves; then we have to take evasive maneuvers," said Ulevitch. "It's bigger than we thought."
[/i]

[abercius24]

By the way, who names these viruses??? Conficker? What is a conficker??

[Nihil Obstat]

[quote name='abercius24' post='1827211' date='Apr 6 2009, 10:51 PM']By the way, who names these viruses??? Conficker? What is a conficker??[/quote]
It's probably the program name that the hacker wrote.

(and who knows how hackers think?)