All About Big Brother ~~ AABB
 How to diagnose and defeat the dangerous Conficker worm

NancyB (admin)

PostSubject: How to diagnose and defeat the dangerous Conficker worm   March 29th 2009, 5:49 pm

http://blogs.usatoday.com/technologylive/

Want to quickly find out if your PC might be one of the millions infected by Conficker? Try clicking to Microsoft.com. Next try Symantec.com. Now try McAfee.com.

If you can get to these sites, you're cool. But if your browser will not let you access any of these websites, then you very likely are infected with Conficker.

That’s because Conficker blocks you from reaching any web address that includes Microsoft, Symantec, McAfee, AVG, Kaspersky, Trend Micro, F-Secure, Panda, Sophos, SecureWorks or Sunbelt in the URL. It also blocks URLs that contain 103 other names and phrases that relate to security. You can see the full list by clicking to SRI International's report here and scrolling down to the table listed under "domain lookup prevention."

To get a full understanding of how jam-packed Conficker is with sophisticated self-spreading and self-preserving features, see this FAQ and this timeline.

You definitely want to check -- and disinfect -- before April 1. On that date all Conficker-infected PCs will begin trying to connect to 50,000 web domains to receive further instructions. Two schools of thought exist about what Conficker will do next.

Some experts, such as WinPatrol creator Bill Pytlovany, are sensing that the worm’s controllers will run circles around the Microsoft-led “cabal” of security groups trying to block some 3 million to 12 million Conficker-infected PCs from phoning home next week.

“How Conficker will mutate is anyone's guess,” says Pytlovany. “It could be anything from turning a machine into a spam-bot or launching a widespread cyberterror attack. My guess is it will be something designed to make money.”

But Sophos researcher Chet Wisniewski notes that Conficker's controllers can now reach each infected PC several different ways, thanks to a customized peer-to-peer network the bad guys have set up and organized the infected PCs into.

F-Secure researcher Patrik Runald notes that if Conficker's controllers wanted to send updates or instructions to any infected machine they can do that at any time. "It's unlikely anything major will happen on April 1st," says Runald.

So how can you get an infected machine to a Conficker clean-up tool? You have a couple of options. One is to use Enigma Software's free Conficker-specific scan-and-cleanup tool. Enigma is obscure enough that the bad guys did not include it on the list of blocked URLs.

But be aware: Enigma could not pass up the opportunity to attach a promotion to buy a $30 subscription directly alongside its free tool. Several readers have gotten misled into thinking that they must buy the subscription to activate the clean-up tool. An Enigma spokesman insists that the Conficker tool is completely free; he supplied this video showing what a free clean-up session should look like.

Another option is to click to this Microsoft malicious software removal site, which doesn't contain "Microsoft" in the URL. You'll find a free all-purpose malicious software scanner. However, I could not get it to work on my Firefox 3 browser, nor on my Internet Explorer 7 browser.

Microsoft says they are checking into this and suggested this last-ditch option: contact Microsoft Customer Service and Support at no charge, using the PC Safety hotline at 1-866-PCSAFETY.
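
The three-site check the article describes can be scripted so that a dead internet connection is not mistaken for selective blocking. This is an added example, not part of the original post or the quoted article; the control hostnames, the function names and the assumption that the block shows up as a failed name lookup (as the "domain lookup prevention" label suggests) are illustrative.

```python
import socket

# The three sites the article says to try.
VENDOR_HOSTS = ["www.microsoft.com", "www.symantec.com", "www.mcafee.com"]
# Controls with no security-vendor string in the name (assumption: any
# ordinary site the PC can normally reach works here).
CONTROL_HOSTS = ["example.com", "example.org"]


def system_lookup(host):
    """True if the operating system's resolver returns an address for host."""
    try:
        return bool(socket.getaddrinfo(host, 80))
    except OSError:  # includes socket.gaierror
        return False


def check(lookup=system_lookup, vendors=VENDOR_HOSTS, controls=CONTROL_HOSTS):
    """Classify the lookup pattern; returns (verdict, failed_vendor_hosts)."""
    failed = [h for h in vendors if not lookup(h)]
    if not any(lookup(h) for h in controls):
        # Nothing resolves at all: an outage, not selective blocking.
        return "inconclusive", failed
    if not failed:
        return "not-blocked", failed
    if len(failed) == len(vendors):
        # Ordinary names resolve but every security vendor fails.
        return "consistent-with-conficker", failed
    return "partial", failed


def constructed_infected_lookup(host):
    """Constructed stand-in for a PC that blocks vendor names only."""
    blocked = ("microsoft", "symantec", "mcafee")
    return not any(word in host for word in blocked)


if __name__ == "__main__":
    print("simulated infected PC:", check(constructed_infected_lookup))
    print("this PC:", check())
```

A "consistent-with-conficker" verdict means only that the pattern matches what the article describes; a removal tool or scanner is still what confirms and cleans an infection.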

lindakm

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 29th 2009, 5:59 pm

Well I tried all three and got to each one. Guess I'm good to go.

_________________
MODERATOR

Lori

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 29th 2009, 6:01 pm

I got to them as well; I was actually holding my breath as I just saw this virus discussed on 60 minutes. Yikes!

_________________

Moderator

ndd123

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 29th 2009, 6:04 pm

Lori wrote:
I got to them as well; I was actually holding my breath as I just saw this virus discussed on 60 minutes. Yikes!



Me too!!

NancyB (admin)

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 29th 2009, 6:09 pm

Free removal tool

http://www.enigmasoftware.com/

Buxom

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 29th 2009, 6:17 pm

ndd123 wrote:
Lori wrote:
I got to them as well; I was actually holding my breath as I just saw this virus discussed on 60 minutes. Yikes!



Me too!!



Thanks

me too

_________________
MODERATOR

Mappy

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 29th 2009, 6:28 pm

60 Minutes did a story on this tonight. Freakin' scary. Thanks for posting this Nancy.

ebowers

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 29th 2009, 7:06 pm

lindakm wrote:
Well I tried all three and got to each one. Guess I'm good to go.


Me, too! Thanks for the heads up...it's much appreciated, Nancy.

_________________
"To everything there is a season and a time for every purpose under heaven."

summer

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 29th 2009, 7:45 pm

Thanks, Nancy!

NancyB (admin)

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 30th 2009, 6:01 am

From my readings this morning... as I suspected, it is probably being over-hyped

(BTW - this is a Windows based worm)

One reason I read that it might be is that a lot of media outlets were "attacked" so they naturally are making a fuss about it.

http://www.techtree.com/India/News/Secure_Yourself_Against_Conficker_Worm/551-100562-582.html

This one says they may have a fix:
http://www.channelregister.co.uk/2009/03/30/conficker_signature_discovery/

This one says there is a fix and the danger is over-hyped
http://www.computerweekly.com/Articles/2009/03/30/235450/patch-to-stop-potential-conficker-attack-this-week-say-security.htm

And finally....... 60 Minutes freaks out over conficker
http://blogs.kansascity.com/tvbarn/2009/03/60-minutes-freaks-out-over-conficker-wheres-john-hodgman-when-you-need-him.html

was

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   March 30th 2009, 6:57 am

Thank you Nancy!!

MyScott95

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   April 1st 2009, 5:12 am

They're saying this morning to use your "tools" on the toolbar and go to Windows Update and check for updates and download Priority Updates. I guess a patch had been developed....the worm activated itself today. I've also heard to update your Security Program too...

http://www.cnn.com/2009/TECH/04/01/tech.viruses/

April Fools' computer worm surfaces


(CNN) -- Experts watched warily Wednesday as a worm infecting millions of computers activated itself as predicted on April 1.


Computer users will not know that Conficker.c has infected their machine.

However, fears the Conficker.c worm would cause chaos have so far proved unfounded, with no reports of major problems.

"As long as you've patched or at least brought your antivirus software up to speed, you should be fine," said Chris Pirillo, a tech expert for CNN.com.

And there are plenty of anti-virus software packages available.

"I believe just about everybody out there," Pirillo said, "has a removal tool."

Still, the worm could cause problems, he said.

Unlike viruses, worms self propagate, spreading by networks. "Once it's out there, it's very difficult to stop," Pirillo said.

He predicted that "the worst possible outcome" would be that some computers would run "suboptimally," as network traffic becomes clogged.

And its ability to do that is cleverly designed: Conficker.c has a feature that disables the Windows update program in the Microsoft product, keeping Windows from becoming patched, Pirillo said. It also disables the auto-update capabilities of many anti-virus software programs.

Pirillo said it may be a week or more before the true impact of the worm is known, but he predicted it will have one.

"It's going to be very annoying to say the least," he said. "It's going to impact network traffic."


Lawrence Baldwin, the chief forensics officer with mynetwatchman.com, an Internet security site based in Atlanta, said the motivations of Conficker.c designers appear to be different from those who designed previous worms, which infected millions of computers but had little impact.

"Three or four or five years ago, they were plainly trying to prove how smart they were," he said. Now, he said, the designers' motivation appears to be financial. "They can make serious amounts of cash with a variety of means."

Still, he predicted, any damage will be limited. "I don't suspect that we're going to have any kind of global meltdown as a result of this thing. I think what we'll see is that the purpose and intent of Conficker is to deploy a whole plethora of secondary malware -- spam, Trojans, key loggers, distributed denial-of-service attacks, adware, etcetera, etcetera. Basically, all the things that the criminal can make money with."

Widespread media coverage of the threat may have motivated many individuals and corporations to act, possibly minimizing the potential impact.

But just what is that threat? Computer experts acknowledged they don't know for sure. "The biggest question is what is actually going to happen?" said Simit Shah, director of Web operations for CNN.com.

So far, the worm "kind of calls home and says, 'What should I do?'" he said. And so far, the response has been to do nothing, he said.

But on Wednesday, the worm is expected to expand its daily call list from a set list of 250 sites to 500 Web sites chosen at random from 50,000, "so it becomes harder to continue using some of the countermeasures that have worked so far," he said.

The worm "could end up connecting to one of these sites and say, 'Go do something,'" he said. That "something" could wind up being any of a number of different kinds of attacks on any of a number of Web sites, including government ones, he said.

He said the worm already controls more than 10 million computers by some estimates and is very sophisticated. "If someone says, 'I want to try to hack some system and try millions of combinations of Social Security numbers,' they could purchase this computing power to do that," Shah said.

In February, security experts' efforts to fight back got a boost when Microsoft offered a $250,000 reward to anyone who could catch the worm authors.

That resulted in the formation of Conficker Cabal, a group of security experts trying to combat the worm.

Despite the worm's potential for causing damage, its still-unknown authors have earned "a lot of respect" from the security experts, Shah said.

"These guys are doing stuff you don't normally see done," he said.

One of the first things it does is to disable a computer's automatic updates, he said. In October, Microsoft released a patch to fix this vulnerability, but many computer users have not updated yet. And, "once you get the worm, it disables your ability to update," Shah said.

_________________
Moderator
Our judgments judge us, and nothing reveals us, exposes our weaknesses, more ingeniously than the attitude of pronouncing upon others... Paul Valery
http://www.bringchange2mind.org/

icecoffee

PostSubject: Re: How to diagnose and defeat the dangerous Conficker worm   April 1st 2009, 8:19 am

As long as you have Service Pack 3 and your computer is updated you are fine.
Of course you need your antivirus and spyware as always.

Go to my computer and right click and it should tell you what service pack you have.