Conficker awakens
Posted by admin on April 17th, 2009, filed in Things to Consider
Most of the internet world heard the hype and waited for the virtual sky to fall, thanks to the Conficker worm, this past April 1st. But after nothing seemed to happen, the worm lost front page status. The real story started on April 7th, when the Conficker worm “woke up.” The latest variation, labeled WORM.DOWNAD.E, dumped a payload of highly encrypted code into an estimated 10-30 million infected computers, but only tech sites and blogs seemed to notice.
According to Hugh Deura at InfoSec.com: “How damaging this payload could be will be totally dependent on the worm originator’s imagination.”
This payload is suspiciously similar to the Waledac family of malware, which is known to have been used to build massive data-stealing botnets in the past. These infected slave computers form a nefarious data-stealing network, or botnet, in which passwords, bank account info, or potentially any keystroke made on the slave computers are logged and relayed back to the master computers. The payload also gave instructions to increase the spread of infection from 50 outcalls a day per infected computer to 50,000 possible targets via peer-to-peer updating.
If you have a Mac, you should be OK, but if you are a PC user and you thought this was just an April Fool’s joke, you probably owe it to yourself to start reading up on patches and comparing removal options; a good starting point is Laris Technologies, Inc.
However, you first have to figure out if you are infected, and that can be challenging. The worm hides behind software called a rootkit, which masks its presence from your computer and from your automated software-updating programs, which the worm disables without setting off alarms.
Another clue: in the last two or three months, have you been prompted to update any browser or security software? If not, you may be infected. Here is a test page developed by the Conficker Working Group that can help determine if you’ve been infected: Conficker Eye Chart.
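The silent disabling of automatic updating described above can be checked directly on a Windows PC. The PowerShell below is an added example, not part of the original post; the service short names are not from the post and are the standard Windows names for Automatic Updates, BITS, Security Center and Windows Defender.

```powershell
# Added example: report update and security services that have been disabled.
# The service list is an assumption of this example, not taken from the post.
$watched = [ordered]@{
    'wuauserv'  = 'Windows Update (Automatic Updates)'
    'BITS'      = 'Background Intelligent Transfer Service'
    'wscsvc'    = 'Security Center'
    'WinDefend' = 'Windows Defender'
}

$report = foreach ($name in $watched.Keys) {
    # Win32_Service exposes both the configured start mode and the live state.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                           -ErrorAction SilentlyContinue
    if ($svc) {
        [pscustomobject]@{
            Service     = $name
            Description = $watched[$name]
            StartMode   = $svc.StartMode          # Auto, Manual or Disabled
            State       = $svc.State              # Running, Stopped, ...
            Suspicious  = ($svc.StartMode -eq 'Disabled')
        }
    }
    else {
        # Not every Windows edition ships every service; record it, do not flag it.
        [pscustomobject]@{
            Service     = $name
            Description = $watched[$name]
            StartMode   = 'n/a'
            State       = 'not installed'
            Suspicious  = $false
        }
    }
}

$report | Format-Table -AutoSize

$flagged = @($report | Where-Object { $_.Suspicious })
if ($flagged.Count -gt 0) {
    Write-Warning ("Disabled update/security services: " +
                   ($flagged.Service -join ', '))
}
else {
    Write-Output 'No watched update/security service is disabled.'
}
```

A disabled service can also be the result of a deliberate administrator policy, and because the worm hides behind a rootkit, a clean result here does not prove the machine is clean.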
You can keep track of the latest news about the Conficker worm at Trend Micro’s blog, which is running a collaboration project with the Conficker Working Group to compile and analyze a timeline of the worm’s progress.
Stay informed and stay safe.
