Sci/Tech Conficker worm believed to have originated from China

sqrage

Mega Super Ultra Cool Member
Reaction score
514
Chicago (IL) - The Conficker worm has been widely discussed in recent weeks, and the $250,000 bounty has had many on the hunt for the virus's origination. Microsoft offered the $250,000 for anyone who could provide information which leads to an arrest in the Conficker case.


On Monday, individuals at BKIS -- a Vietnamese security firm which makes the BKAV antivirus software -- announced that they had uncovered clues which lead to the belief that the virus originated in China. Previously, it was believed that the origination of the virus was either Europe or Russia (due to certain IP address ranges which trace back to Russia being ignored by the virus).

Following further analysis of the virus's coding style, however, the firm discovered that Conficker's code is eerily similar to that of the Nimda virus, which seriously infected e-mail and the Web in 2001. It was during that time period BKIS determined the Nimda virus had its roots in China -- though this belief was never verified.


___________

This is a good article, it provides a lot of information and ways to avoid being infected. I think anyone that is worried about Conficker should read this.
 

UndeadDragon

Super Moderator
Reaction score
447
Is there actually any way to detect whether your computer is infected?

I think I should be safe, because none of my security settings have been altered and I can still use the process explorer (because the article said that the virus disables that).
 

Whitesock

Graphics Help Zone Moderator
Reaction score
358
From what I hear the virus is also coded to receive new instructions on April 1st.

I would recommend backing your important files up soon. =/

Above Source said:
The worm is programmed and set up to update itself from randomly generated domains. The third variant of the Conficker is expected to be spreading beginning on April 1. According to security software companies, the worm will send hundreds or thousands of update requests to its 50,000 domains. The result will be forced downloads of malicious code and potentially an increased rise in spam email. The owner of the virus only has to utilize one of the domains to host the update, making it nearly impossible for authorities to track the update source.
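
The quoted behaviour (one machine asking for many randomly generated domains, most of which do not exist) is visible in DNS resolver logs. The sketch below is an added example, not part of the thread or the quoted article; the log format, the entropy threshold and the `min_distinct` cut-off are assumptions, and it does not reproduce Conficker's own domain algorithm.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log (client, queried name, response code); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 www.thehelper.net NOERROR
10.0.0.5 en.wikipedia.org NOERROR
10.0.0.5 www.thehelpr.net NXDOMAIN
10.0.0.7 qzkvtwpxj.example NXDOMAIN
10.0.0.7 qzkvtwpxj.example NXDOMAIN
10.0.0.7 hbnwmrcdyl.example NXDOMAIN
10.0.0.7 xgtfpqolz.example NXDOMAIN
10.0.0.7 mkdjwyrvb.example NXDOMAIN
10.0.0.7 pfzuqnhke.example NXDOMAIN
10.0.0.7 vyclgxwsa.example NXDOMAIN
10.0.0.7 www.microsoft.com NOERROR
10.0.0.9 jrtbqkwzn.example NXDOMAIN
10.0.0.9 wdxcfmguy.example NXDOMAIN
"""

def label_entropy(label):
    """Shannon entropy of the label's characters, in bits per character."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def looks_generated(name, min_entropy=3.0):
    """Heuristic (assumed threshold): the label left of the TLD uses characters near-uniformly."""
    parts = name.lower().rstrip(".").split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    return bool(label) and label_entropy(label) >= min_entropy

def suspicious_clients(log_text, min_distinct=5):
    """Map client -> sorted distinct failed, random-looking names, if >= min_distinct."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        client, name, rcode = fields
        if rcode == "NXDOMAIN" and looks_generated(name):
            failed[client].add(name)
    return {c: sorted(n) for c, n in failed.items() if len(n) >= min_distinct}

if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_LOG).items():
        print(client, len(names), "distinct failed lookups:", ", ".join(names))
```

A single mistyped address (10.0.0.5) or a couple of failed lookups (10.0.0.9) stay below the cut-off; only the host with many distinct failures is reported.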
 

DDRtists

ɹoʇɐɹǝpoɯ ɹǝdns
Reaction score
415
Not to say this isn't serious, because it is, but I just wanted to point out one thing. The April 1st scare is ONLY if you already have the older versions of the virus, then it will download the newest version ( Conficker.C ).

I'd still watch out and also back up your files still in case they updated the spreading code, but it's not like they're going to push a button and everyone will have it. You have to already have the Conficker.B or Conficker.A version to get it right away on April 1st, though I'm sure it will try to spread much more now.
 

undeadorcjerk

The Ulitimate TheHelper.net Lurker
Reaction score
223
weird. I've never heard of this virus until today in school and now it's on here... weird...
 

DDRtists

ɹoʇɐɹǝpoɯ ɹǝdns
Reaction score
415
I've been following it for awhile now. :D

It's going to turn all our computers into Zombies! :nuts:
 

xxxtrickyxxx

(o Y o)
Reaction score
64
won't bother me much, my pc already runs slower than my grandma from viruses anyway. key logging and information theft sucks tho.
 

DDRtists

ɹoʇɐɹǝpoɯ ɹǝdns
Reaction score
415
It's a botnet, if you read the article it will tell you this. ;)

Meaning the "herder", the person who made it, can control every computer that's infected. It can be used to take down sites, servers, and lots of things.

http://en.wikipedia.org/wiki/Botnet
Zombie Computers! Oh noes! :D
 

13lade619

is now a game developer :)
Reaction score
398
* Denial-of-service attacks where multiple systems autonomously access a single Internet system or service in a way that appears legitimate, but much more frequently than normal use and cause the system to become busy.
* Adware exists to advertise some commercial entity actively and without the user's permission or awareness.
* Spyware is software which sends information to its creators about a user's activities.
* E-mail spam are e-mail messages disguised as messages from people, but are either advertising, annoying, or malicious in nature.
* Click fraud is the user's computer visiting websites without the user's awareness to create false web traffic for the purpose of personal or commercial gain.
* Access number replacements are where the botnet operator replaces the access numbers of a group of dial-up bots to that of a victim's phone number. Given enough bots partake in this attack, the victim is consistently bombarded with phone calls attempting to connect to the internet. Having very little to defend against this attack, most are forced into changing their phone numbers (land line, cell phone, etc).
* Fast flux is a DNS technique used by botnets to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies.
ah.. ok..
 

black.sheep

Active Member
Reaction score
24
I'm not turning on my laptop (I've removed the battery from it) until I see what this does.
Also I've been telling people at school this, that the internet is going to die on April the first, I've also backed up a map I've been working on for the last year onto my mother's iPod because I can't find anywhere else.
I believe this virus shows how much we rely on computers these days, when I end up making enough money to buy things I want in life, I believe I might start keeping it underneath my floorboards, or at least out of the great, faceless void known as the internet.
 

Jindo

Self
Reaction score
460
None of the recommended updates at the bottom of the article worked for me, one of the Vista updates should have worked D: (They all said my system was incompatible, oh noez)
 

BlackRose

Forum User
Reaction score
239
Err.... how will it spread? If I do not go to any external links other than TheHelper.net or ones I usually go to... will I be fine? Do not open emails? ........

Is this a hoax :))
Retarded computer freaks who have nothing else better to do than destroy other people's comps :S

**Read article**
It does remind me a bit of Terminator movies, where there is some internet / computer virus trying to destroy the world, or internet world.
 

BlackRose

Forum User
Reaction score
239
Haha..... April Fools must be so fun for them. How can you tell if your computer is infected.... HOW will get infected?
 

Varine

And as the moon rises, we shall prepare for war
Reaction score
808
Do the people that make this get excited about weird shit like this? YEAH LETS KILL THE INTERNET!!! Then realize that they just shut down like half of the websites they use?
 