Serious Threat
On April 1, Many computers were affected by a Conficker virus. The Conficker virus was updated recently and this update has made this more efficient,it has infected 15 million computers worldwide. However, the day passed without the worm showing any activity.
"Conficker is a large botnet that has a lot of potential to do harm. It hasn't happened just yet, and most security vendors, including Websense, predicted it wouldn't necessarily happen on April 1. However, the bot gives its perpetrators a lot of power, and at some point, Conficker may do something "bad" on infected machines like, stealing data, sending spam, issuing DDOS attacks, etc
The creators of the virus may be working on a more sophisticated '.D' variant that could be even more difficult to track or remove.
The new variant could include abilities like:
* More domains created per day and could have different domains generated per machine
* Could include large samples of good domain names to spoof researchers
* Could have some PKI built in to thwart reversing and may use updates to grab new keys
* Could use new methods to spread via MS08-067 with some P2P attributes
Another thing for security heads to be aware of is that some malware writers are making use of the fear and hype surrounding Conficker to spread fake anti-Conficker tools. Top search engine results for typical Conficker removal keywords have been poisoned to link to potentially malicious/junk websites, again in an attempt to direct users away from legitimate websites....
Symptoms of a Conficker infections are:
* Account lockout policies being tripped.
* Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and error reporting services are disabled.
* Domain controllers respond slowly to client requests.
* The network is congested.
* Various security-related Web sites cannot be accessed
