Posted 03/16/09 at 05:06:59 PM by Mark Edward Soper

Just when you might have thought it was safe to start using USB flash drives at work again, the third, and by all accounts, most fiendish version of the Conficker worm that's infected millions of PCs already is set to attack on April 1st, Ars Technica reports. Conficker.C's designed to hide itself even more thoroughly than its older siblings, using tricks such as:

• Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
• Creating access control entries and locking the file(s)
• Registers dummy services using a "one (name) from column A, one from column B, and two from column C" method

To find out what happens when Conficker.C strikes, join us after the jump.

Read More

Posted 02/13/09 at 05:13:54 PM by Mark Edward Soper

The folks in Redmond are tired of hearing about the Conficker (aka Downadup) worm. Although Microsoft issued a patch back in October, Conficker's infected over 9 million PCs and crippled French and British military assets. Redmond's answer: a cool $250,000 reward for information leading to the arrest and conviction of Conficker's creators.

And, that's not all Microsoft has up its sleeve. To find out the rest of Microsoft's anti-Conficker strategy, join us after the jump.

Read More

Posted 02/10/09 at 09:51:47 PM by Mark Edward Soper

The London Telegraph reports that the Conficker (aka Downadup and Kido) worm virtually shut down both the French naval air force and Great Britain's RAF and Royal Navy for some time last month.

Ironically, the French had been warned as far back as October to harden their systems, but as we reported last month, millions of PCs hadn't yet been protected by installing KB958644. How bad was the infection, and how was it spread? Hit your afterburners and join us after the jump for details.

Read More

Posted 01/21/09 at 05:22:17 PM by Mark Edward Soper

Remember Microsoft's rare out-of-band security update from last October, MS08-067? Microsoft warned us then that Windows XP, Windows Server 2003, and Windows 2000 SP4 were especially vulnerable to being attacked. Windows Update probably took care of patching your home computer. However, companies and individuals that were slow to patch their fleets of PCs with KB958644 could find their computers now infected by a nasty worm called Conficker, Downadup or Kido.

How big a deal is Conficker/Downadup? According to F-Secure, the number of infected machines went from 2.4 million to 8.9 million in just four days as of last Friday.  Panda Security now estimates that as many as one in every 16 PCs may be infected. F-Secure wraps up its analysis by saying "The situation with Downadup is not getting better. It's getting worse." Panda compares the outbreak with the legendary Kournikova (2001) and Blaster (2003) outbreaks.

How does Conficker/Downandup spread, and what can you do about it? Join us after the jump to learn more.

Read More