Conficker?
Conflicker?
DownAndUp?
It’s all so confusing, but whatever the name, the worm is the same. Here’s the scoop (for simplicity of reading, I’m going to just refer to it as Conflicker).
Conflicker has been around for a while, and in fact has three known variants (versions), A, B, and C. The much-hyped event that’s anticipated for this April Fool’s Day is that a new variant, Conflicker_D will likely be deployed.
Backgrounder:
In general, Conflicker is a botnet-type worm: it infects as many machines as possible and links them into a “network” of sorts that the worm’s author can connect to through the Internet. Although no other payload has yet been discovered, it is assumed that any payload could potentially be delivered, because Conflicker allows its author to take control of infected machines remotely.
How does Conflicker get on your PC?
Unlike old-school viruses that were transmitted via email or other so-called ‘viral’ methods, there is no social engineering or similar trickery required for your PC to become infected with Conflicker. That is, you don’t infect yourself by clicking or opening anything. In fact, all that’s required to get infected is to be connected to the Internet and not have the latest patches (Windows updates) from Microsoft! This is because Conflicker gets into your machine through a security flaw in Windows, and if you don’t have the patch from Microsoft that closes up the flaw, your PC is susceptible to infection.
What are the symptoms?
Unfortunately for the unprotected and infected, there really aren’t any visible symptoms to speak of. Unlike old-school viruses that generally had a calling card, then emailed themselves to all your friends and wiped out your hard drive, Conflicker remains more valuable to its author by being quiet, efficient, and undetected. The most common symptom that might alert you to a Conflicker infection is a virus scan reporting that you’re infected.
Why Conflicker?
Why is it valuable to somebody to infect all those (millions of) PCs and not do typical virus-like things such as destroy the machines? Think of it as a person or entity having control of all those machines to do whatever they please, whenever they please! For example, how much would access to those machines be worth on the black market to an unscrupulous organization that may want to harvest credit card or banking information, or use those machines to launch a DOS (Denial of Service) attack against a website? The possibilities for how those millions of machines could be put to use are endless, so what the author of Conflicker has done is create a high-value network of PCs that may include your own if you are infected, and may just be sold off to the highest bidder as a tool that’s not likely to be used for good.
How can you protect yourself?
If you have Windows automatic updates turned on, you’re probably already protected as Microsoft already released the updates that close the flaw back in October of 2008.
If you’re not sure, you can get updates from the Microsoft Update website by clicking this link: Windows Updates
It’s also a good idea to make sure your antivirus program is up to date and perform a virus scan, as all of the major antivirus providers currently detect Conflicker variants.
Below is a short list of resources. You can find a more comprehensive list, including technical research info, at The Internet Storm Center/DShield.
Removal Instructions
Microsoft:
http://support.microsoft.com/kb/962007
Kaspersky:
http://support.kaspersky.com/faq/
BitDefender:
http://www.bitdefender.com/VIRUS-1000462-en–Win32.Worm.Downadup.Gen.html
Trend Micro:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp
To be able to access antivirus vendors, SANS, Microsoft, and others from a machine infected with Conficker.C, Trend Micro suggests running “net stop dnscache” from the command line.
Sophos:
http://www.sophos.com/support/knowledgebase/article/51416.html
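
The Trend Micro note above implies that an infected machine has trouble reaching security vendors' sites. The PowerShell check below is an added example, not part of the original article or any vendor's tool: it tests whether the vendor host names linked on this page resolve while an unrelated control name does. The control host and the function names are assumptions.

```powershell
# Added example, not from the original article. Vendor hosts come from the
# links on this page (2009) and may need updating; the control host and the
# function names are assumptions made for illustration.
$VendorHosts = @(
    'support.microsoft.com', 'support.kaspersky.com', 'www.bitdefender.com',
    'www.trendmicro.com', 'www.sophos.com', 'www.symantec.com'
)
$ControlHost = 'www.example.com'   # assumption: any non-security site

function Test-NameResolves {
    param([string]$HostName)
    try {
        # Goes through the normal Windows resolver, as a browser would.
        $addresses = [System.Net.Dns]::GetHostAddresses($HostName)
        return ($addresses.Length -gt 0)
    } catch {
        return $false   # lookup failed or was blocked
    }
}

function Get-ResolutionReport {
    param([string[]]$Vendors, [string]$Control)
    $failed    = @($Vendors | Where-Object { -not (Test-NameResolves $_) })
    $controlOk = Test-NameResolves $Control

    if (-not $controlOk) {
        $verdict = 'Inconclusive: control name failed too (offline or DNS outage).'
    } elseif ($failed.Count -eq 0) {
        $verdict = 'All vendor names resolve: no selective blocking seen.'
    } elseif ($failed.Count -eq $Vendors.Count) {
        $verdict = 'Only vendor names fail: matches the access problem in the Trend Micro note; scan with a removal tool.'
    } else {
        $verdict = 'Some vendor names fail: retry and compare with a known-clean PC.'
    }

    New-Object PSObject -Property @{
        ControlResolves = $controlOk
        FailedVendors   = ($failed -join ', ')
        Verdict         = $verdict
    }
}

# Report the DNS Client service state, since the workaround is "net stop dnscache".
"DNS Client service (dnscache): $((Get-Service -Name Dnscache).Status)"
Get-ResolutionReport -Vendors $VendorHosts -Control $ControlHost | Format-List
```

A clean result does not rule out infection; the advice above to patch and run a virus scan still applies.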
Removal Tools
Microsoft MSRT:
http://www.microsoft.com/security/malwareremove/default.mspx
F-Secure:
ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip
AhnLab:
http://global.ahnlab.com/global/file_removeal_down.jsp?filename=12371830475821&down_filename=v3conficker.zip
Symantec:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
McAfee:
http://vil.nai.com/vil/stinger/
ESET:
http://download.eset.com/special/EConfickerRemover.exe
BitDefender:
http://www.bdtools.net/
Kaspersky:
http://data2.kaspersky-labs.com:8080/special/KidoKiller_v3.3.3.zip
TrendMicro:
https://securecloud.com/support/sysclean
Sophos:
https://secure.sophos.com/products/free-tools/conficker-removal-tool-network/download (registration required)
This article was written by Andy Trask, Head Geek at Geek Housecalls, the New England area’s original traveling computer geeks, on the web at www.geekhousecalls.com. Geek Housecalls specializes in “anything computer” and, since 2001, has become the trusted in-home computer and technology support provider for over 15,000 families and small business computer users in eastern Massachusetts, Rhode Island, and southern New Hampshire. For help with your computers, gadgets, or network at home or at the office, click here to contact Geek Housecalls via the web, or call toll free:
1-877-4PC-GEEK (1-877-472-4335)