| | #1 (permalink) |
| Vista Home Premium 64bit w/sp2-WIN7 RC | Conficker.C, WORM, Serious Threat!!

THIS IS NO JOKE!!

Just when you might have thought it was safe to start using USB flash drives at work again, the third, and by all accounts, most fiendish version of the Conficker worm that's infected millions of PCs already is set to attack on April 1st, Ars Technica reports.

Conficker.C's designed to hide itself even more thoroughly than its older siblings Conficker.A and Conficker.B, using tricks such as:

• Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
• Creating access control entries and locking the file(s)
• Registers dummy services using a "one (name) from column A, one from column B, and two from column C" method

To find out what happens when Conficker.C strikes, join us after the jump.

Conficker.C's payload makes it harder than ever to recover from being infected:

• Deactivates Windows Security Center notifications
• Prevents restart in Safe Mode
• Prevents Windows Defender from running at system startup
• Deletes all system restore points
• Disables various error-reporting and security services
• Terminates over twenty security-related processes
• Blocks DNS queries
• Blocks access to security and antivirus websites
• And, to top it all off, Conficker.C can choose from a list of 500 domains to contact out of a pool of 50,000 (way up from Conficker.B's 32 out of 250).

Link:: This is No Joke: Conficker.C to Strike on April Fools' Day | Maximum PC

Removal Tool:: How to use the Downadup removal tools - BDTools.net

+++++++++++++++++++++

I can't say much else, as I don't know much else, though I read about this on another Forum I belong to. I have all my Updates in place as always, ran MS Malware Removal Tool, Ran complete system Scan, my PC turned up clean of Conficker A and B as well as C, but then C has not been released as yet.

+++++++++++++++++++++

I do know MS has a bounty out on the individual responsible, $250,000 BUCKS!! That should give you guys an Idea of how SERIOUS this THREAT is!! I am not sure about the removal tool either, but that's the only one I found. Thus far.

JUST A HEADS UP!!! PEOPLE!!

Blue

Just be AWARE!!

Google:: http://www.google.com/search?hl=en&q...Search&aq=f&oq=

Last edited by BlueMonster; 03-25-2009 at 02:42 AM. Reason: Spelling (as usual), and Google Link... |
| | #2 (permalink) |
| Vista Ultimate SP2 x64 Windows 7 Ultimate x64 TECHNET | Re: Conficker.C, WORM, Serious Threat!! The monthly updated Microsoft Malicious Software Removal Tool detects and removes the conficker infection, well supposedly. |
| | #3 (permalink) |
| Vista Home Premium 64bit w/sp2-WIN7 RC | Re: Conficker.C, WORM, Serious Threat!!

As I said, I run Microsoft Malicious Software Removal Tool, always, as well as other apps. I think I'm a-Okay, but then again, Conficker C is supposed to be a Whole new Ball game.

I'm never sure of anything, these daze!! LOL!!

Blue |
| | #4 (permalink) |
| VISTA home prem 32bit SP2 --- XP Pro SP3 32bit | Re: Conficker.C, WORM, Serious Threat!! Holy craaaaaaaaaaaaap sulu, all shields up |
| | #5 (permalink) |
| Vista Home Premium x64 | Beware Conficker worm come April 1???? |
| | #6 (permalink) |
| Windows 7 RTM 64-bit | April 1st Fools Day Time Bomb – Win32/Conficker.C Virus

Introduction:-

Worm Downadup Win32/Conficker.C targets a large-scale attack on 1 April. Worm Downadup Win32/Conficker.C, as variant 3, has the ability to block some website security systems, turn off the security system of Windows components and download the file at random to lead the web to a particular site.

When the Worm Downadup Win32/Conficker.C is downloaded and activated by accident on the computer, the worm will copy itself to create a random file name in the Windows System. The worm sometimes releases some files that are put into the program directory.

Worm Downadup Win32/Conficker.C will be active each time the computer is turned on, because it can be registered in the list of programs that should be active when the computer starts.

A computer infected with Worm Downadup Win32/Conficker.C directly takes some steps such as turning off the antivirus update system. The worm will turn off these Windows services:

* wscsvc - Security Center
* WinDefend - Windows Defender (Vista)
* wuauserv - Automatic Updates
* BITS - Background Intelligent Transfer Service
* ERSvc - Error Reporting Service
* WerSvc - Windows Error Reporting Service (Vista)

The worm also turns off system restore points; if your computer does not have a system restore point then there is the possibility the computer has been infected with Downadup.

The new version is more resilient to disinfection. Once the system is compromised, the worm disables Windows Update and blocks access to most of the anti-virus websites in order to hinder the user from disinfecting his machine.

Fixes:-

* Perform Online scan from http://saftey.live.com
* MS KB Need to get the MS08-67 update immediately
* Antivirus Definition Updates
* Strong Network Password Mechanism !!! |
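A defender-side check for the service tampering described in post #6, as an added example that is not part of the original thread: it reads the start mode of the six services named there. The `Test-WatchedService` helper and the rule of flagging only a Disabled start mode are assumptions of this example.

```powershell
# Added example: audit the services post #6 says Conficker.C turns off.
# Service names and labels come from the post; the helper name and the
# "flag Disabled only" rule are assumptions of this example.
$Watched = [ordered]@{
    wscsvc    = 'Security Center'
    WinDefend = 'Windows Defender (Vista)'
    wuauserv  = 'Automatic Updates'
    BITS      = 'Background Intelligent Transfer Service'
    ERSvc     = 'Error Reporting Service'
    WerSvc    = 'Windows Error Reporting Service (Vista)'
}

function Test-WatchedService {
    param([string]$Name, [string]$Label)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        # ERSvc and WerSvc belong to different Windows generations, so one of
        # them is normally absent: report it, but do not count it as a finding.
        return [pscustomobject]@{
            Name = $Name; Label = $Label; State = 'NotInstalled'; StartMode = '-'; Finding = $false
        }
    }
    # Demand-start services are often stopped while idle, so a Stopped state
    # alone is not flagged; a Disabled start mode is.
    [pscustomobject]@{
        Name      = $Name
        Label     = $Label
        State     = $svc.State
        StartMode = $svc.StartMode
        Finding   = ($svc.StartMode -eq 'Disabled')
    }
}

$report = foreach ($entry in $Watched.GetEnumerator()) {
    Test-WatchedService -Name $entry.Key -Label $entry.Value
}
$report | Format-Table -AutoSize

$findings = @($report | Where-Object { $_.Finding })
if ($findings.Count -gt 0) {
    Write-Warning ("{0} watched service(s) disabled: {1}" -f $findings.Count, ($findings.Name -join ', '))
} else {
    Write-Output 'No watched service is disabled.'
}
```

A disabled service is a reason to look closer, not proof of infection, since an administrator or other security software can also disable these services.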
| | #7 (permalink) |
| Windows 7 Home Premium x64 | Re: Conficker.C, WORM, Serious Threat!!

Quote:

Virus to erupt in PCs April 1
Invader may be hiding in your hard drive
By Nick Lewis, Calgary Herald March 25, 2009

It's a malicious virus that could attack computers on April Fool's Day, and it's no laughing matter to the millions of people who could be affected.

The Conficker C Internet worm is a brand-new, sophisticated computer virus that latches onto Windows PCs via unreliable websites and infected downloads. It exploits weaknesses in Microsoft's operating system and conceals itself on a hard drive, lying dormant until April 1 when it will "call home" and search for new instructions from its originator, say Internet experts.

While hundreds of computer viruses have been unleashed and eliminated since the 1980s, what's scary about Conficker C is that no one knows what it does or what it intends to do. It may prove to be the world's biggest April Fool's joke, or it could have the potential to take over your machine and steal all your personal data.

"Somebody thinks this is funny, but we certainly don't," says Byron Holland, president and CEO of the Canadian Internet Registration Authority.

Launched in October, the worm works in two stages, the second of which is expected to commence on April 1.

"The first stage is to go out and infect as many unprotected computers as possible," Holland says. "The next stage is for that whole network of computers, what we called a 'botnet,' to try to reach out and communicate with a centralized command and control centre which will give it some direction."

To hide its tracks, the worm creates a list of tens of thousands of domain names, any of which could become a command and control centre.

"By creating that large list, it makes it harder for those of us in the security community to really isolate the command and control centre," Holland says. "We don't know who's behind it and as a result, we don't know their intent."

Once a computer is infected with Conficker, it can be controlled by the creator of the worm. The infected computers are used to send spam to millions of other Internet users or to directly send the virus to other computers. The infected computers form a botnet, and this network can then be used to gather personal information--anything from your personal browsing history to your credit card numbers.

"There's some claims that it could be a pretty serious worm," says Stuart Crawford, VP at Calgary-based IT firm, Bulletproof InfoTech. "It could call home and install something potentially serious. Or it could all be a dark April Fool's joke just to leave everyone on edge. We have no idea."

Because this worm wiggles across the World Wide Web, Calgary's PC users are just as at risk as any others.

"Because of the connected, global world we live in, no computer user anywhere is any more or less susceptible to these viruses," Crawford says. "They may originate in one area, but it doesn't take long to spread via the Internet."

The program does not infect Macintosh or Linux-based computers. An estimated 12 million Windows-based PCs around the world are already hosting the worm since its launch in October. Microsoft has since offered a $250,000 reward for any information leading to the capture of the worm's originator.

"Every system has their vulnerabilities, but people write viruses to attack Microsoft systems because they have 90 per cent of the market share, giving any virus a more damaging effect," Crawford says. "Why bother writing software when it affects only a niche audience?"

While in its early stages it was possible to identify and erase the Conficker worm with commercially available antivirus tools, Conficker C, its third and latest version, supposedly removes those preventive programs and turns off Microsoft's security update service. The program also opens holes in firewalls in an attempt to improve communication with other infected computers.

Pirated versions of the Windows operating system, many of which are in use in the developing world, are especially at risk.

"This is a smart worm," says Holland. "We worked with our international colleagues to reverse-engineer the code, that's how we know when it will be deployed as well as what domains it will be hitting.

"Fundamentally, the challenge lies with unprotected computers, computers that either have older or out-of-date operating systems that are not updated, or pirated versions of the operating system that don't get updated."

The good news for PC users running retail versions of Windows is that the virus is preventable with a downloadable security patch from Microsoft. Crawford, who has 15 years of experience in information technology, says now is the time to update and protect your PC.

"Most people get that annoying message that pops up asking them to update their antivirus software, and they dismiss it and never get around to it," he says. "If the patches haven't been applied, your vulnerability is much greater."

If you'd like to download the latest Microsoft patch to protect your Windows-based machine, visit technet.microsoft.com. For more information on the Conficker C virus, visit Bulletproofitblog.ca

© Copyright (c) The Calgary Herald |
| | #8 (permalink) |
| Vista Ultimate x64 SP1 | Re: Conficker.C, WORM, Serious Threat!! Yeah it is a bit disappointing that you can avoid it by simply keeping stuff updated. Those with patched Windows have no fun. |
| | #9 (permalink) |
| VISTA home prem 32bit SP2 --- XP Pro SP3 32bit | Re: Conficker.C, WORM, Serious Threat!!

Does this mean I may have the virus on my hard drive now?

Check this, I have 171,879 files on my system. I sorted them by date and checked if any are out of the ordinary...none seem to be except the attached jpeg. I have all the protection available, can the worm still be there?

Carmine

Last edited by pacinitaly; 03-26-2009 at 02:15 PM. |
| | #10 (permalink) |
| Microsoft® Windows Vista™ Ultimate x64 SP2 Windows 7 7127 x64 | Re: Conficker.C, WORM, Serious Threat!!

Final countdown to Conficker 'activation' begins
T-minus six
By John Leyden
Posted in Anti-Virus, 26th March 2009 13:46 GMT

Security watchers are counting down to a change in how the infamous Conficker (Downadup) worm updates malicious code, due to kick in on Wednesday 1 April.

Starting on 1 April, Windows PCs infected by the latest variant of the Conficker worm (Conficker-C) will start attempting to contact a sample of 50,000 pre-programmed potential call-home web servers from which they might receive updates, a massive increase on the 250 potential web server locales used by earlier variants of the code.

"Conficker-C isn't going to contact all 50,000 domains per day," explained Niall Fitzgibbon, a malware analyst at Sophos. "It's only going to contact a randomly-chosen 500 of them which gives each infected machine a very small chance of success if the authors register only one domain. However, the P2P system of Conficker can be used to push digitally signed updates out to other infected machines that don't manage to contact the domain."

Final countdown to Conficker 'activation' begins • The Register |