Conficker Adds New Weapon, Thousands Of Personal Computers Quietly Become Servers For E-Mail Spam

Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware, experts said.

The worm started spreading late last year, infecting millions of computers and turning them into “slaves” that respond to commands sent from a remote server that effectively controls an army of computers known as a botnet.

Conficker installs a second virus, known as Waledac, that sends out e-mail spam without knowledge of the PC’s owner, along with a fake anti-spyware program.

Conficker, also known as Downup, as well as Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. The worm uses a combination of advanced malware techniques which have made it difficult to counter, and it has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer.

Symptoms

* Account lockout policies being reset automatically.
* Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Windows Error Reporting disabled.
* Domain controllers responding slowly to client requests.
* Congestion on local area networks.
* Web sites related to antivirus software or the Windows Update service becoming inaccessible.
* User accounts locked out.

For more information about Win32/Conficker.b, visit the following Microsoft Malware Protection Center Web page:

http://www.microsoft.com/security/portal/Entry.aspx?Name=Win32/Conficker

Businesses worldwide are under attack from a highly infectious computer worm that has infected almost 9 million PCs, according to antivirus company F-Secure.

That number has more than tripled over the last four days alone, says F-Secure, leaping from 2.4 million to 8.9 million infected PCs. Once a machine is infected, the worm can download and install additional malware from attacker-controlled Web sites, according to the company. Since that could mean anything from a password stealer to remote control software, a Conficker-infected PC is essentially under the complete control of the attackers.

The giant Conficker computer worm, once feared as an out-of-control Internet doomsday machine, seems to have settled — for now — on trying to make money in very predictable ways.

Researchers from Cisco Systems Inc. say some of the up to 12 million personal computers infected by Conficker are being used to send about 10,000 to 20,000 spam e-mails a day per computer, far less than they actually are capable of.

Earlier this month, some Conficker-infected machines started selling fake antivirus software, using annoying pop-up ads to warn of infections that only the criminals can clean up for a fee, but of course never do.

Cisco’s chief security researcher, Patrick Peterson, says researchers are convinced “this is the two-pronged method (the criminals) are going to use to make a fortune” off the infected machines.

The Conficker Virus

Once this virus infects a computer it does a number of things, including:

* Extracts all of its files to the %System% directory with random DLL file names, which can wreak havoc on your computer.
* Deletes the user’s Restore Points.
* Registers a service called Netsvcs.
* Creates scheduled tasks that execute all of the DLL files.
* Creates its own simple HTTP server on the infected computer and spreads the worm to other computers in the network through file shares.
* Creates an Autorun.inf file in file shares to execute the worm files once the share is accessed by another computer.
* Connects to external sites to download additional files.
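
A read-only triage check for the indicators in the list above and under Symptoms, added here as an example; it is not part of the original article or of any vendor's removal tool. The service short names and the share path are assumptions, and it needs PowerShell 3.0 or later with the ScheduledTasks module (Windows 8 / Server 2012 and newer).

```powershell
# Added example: read-only triage for indicators this article lists.
# Assumptions: the service short names below correspond to the services named
# under "Symptoms"; the default share path is a hypothetical placeholder.
param(
    [string[]]$ShareRoots = @('\\fileserver.example\public')
)

$findings = New-Object System.Collections.Generic.List[object]

# 1. Services the article says get disabled. ERSvc is the Windows XP-era
#    Error Reporting service; names absent on this host are skipped.
foreach ($name in 'wuauserv', 'BITS', 'WinDefend', 'WerSvc', 'ERSvc') {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    if ($svc -and $svc.StartMode -eq 'Disabled') {
        $findings.Add([pscustomobject]@{
            Check = 'Service disabled'; Detail = "$name ($($svc.DisplayName))" })
    }
}

# 2. Autorun.inf at the root of a file share. -Force includes hidden files.
foreach ($root in $ShareRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $hits = Get-ChildItem -LiteralPath $root -Filter 'autorun.inf' -File -Force
    foreach ($file in $hits) {
        $findings.Add([pscustomobject]@{
            Check = 'Autorun.inf on share'; Detail = $file.FullName })
    }
}

# 3. Scheduled tasks whose action references a DLL. Legitimate Windows tasks
#    do this too, so review each hit instead of treating it as an infection.
foreach ($task in (Get-ScheduledTask)) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match '\.dll\b') {
            $findings.Add([pscustomobject]@{
                Check = 'Task runs a DLL'; Detail = "$($task.TaskPath)$($task.TaskName): $cmd" })
        }
    }
}

$findings | Sort-Object Check | Format-Table -AutoSize -Wrap
```

The script changes nothing on the host; an empty table means none of the three checks matched, not that the machine is clean.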

How to Remove Conficker Worm Manually?

Despite the rapid spread of this virus, with an estimated total of more than 9 million computers affected worldwide so far, there is a removal tool for Conficker that you can run yourself. It is worth knowing about this tool before you spend heaps of money on professional help for something you can do yourself.

Conficker Worm has been found to be targeting Windows 95 and 98, Windows Me and 2000, Windows 2003, Windows NT, Windows XP and Vista. There are many removal tools online for Conficker Worm, but we recommend that you download the Symantec Security Response removal tool and follow these 4 easy steps:

1. Disable System Restore first. Turn System Restore off temporarily, especially if you are using Windows Me or XP. Instructions for turning off System Restore are in your Windows documentation.

2. Update your virus definitions by running a live update of your antivirus program. Depending on your AV program, there is a specific command that updates it automatically on a daily basis, so you may want to set that up now.

3. Complete a full system scan and, if a file is detected, simply follow the steps to get rid of it.

4. Get rid of any values added to your registry.

Using a removal tool for Conficker may seem a no-sweat job, but please be careful and follow the steps in order so as to avoid further damage to your computer.
