Conficker information

Recently, the media has been broadcasting dire warnings about the Conficker worm. I haven’t seen as much “the sky is falling” hype since Y2K (which was a problem — I had to put a lot of work into making our system compliant, it just wasn’t the end of life as we know it).

Is Conficker really that bad of a problem? Yes, it could be. Estimates have it that there are over 10 million infected machines out there. These machines could be used as a botnet to collectively attack major websites or critical Internet infrastructure sites, causing outages and other problems. It could also be used to gather personal information on each infected machine, which could lead to identity theft and other problems for the user.

So what really happened on Wednesday? Basically, the worm began to check more sites for new updates. The older variants only checked 250 websites and the new one checks 500 sites. This means that there is a greater chance for a destructive payload to be delivered to the infected machines.

How do you know if you are infected? One of the easiest ways is to check out the Conficker Eye Chart — if you can see all of the images, odds are that you are not infected. If you can download Windows Updates and Antivirus updates, you are most likely not infected. However, if you are having problems downloading updates and/or cannot see some of the images on the Eye Chart website, you should immediately check your system for this worm. Many different removal tools can be found at the Conficker Working Group’s website.

One thing I need to stress here: the patch for this vulnerability was released by Microsoft in October 2008. Conficker would not be an issue if the infected machines had been patched properly. Microsoft releases new patches every month (on the second Tuesday); you should be applying these patches in a timely manner. Either go to Windows Update or Microsoft Update every month after the patches are released or simply turn on Automatic Updates.

Personalized spam?

I’ve been getting a ton of spam addressed from my own account, as if I sent myself a bunch of spam. What kind of brainiac thought this was a good idea? Who says “Hey, here’s a great offer on Viagra! Maybe I’ll buy it from myself!” Does anybody really fall for that? 🙂

It’s actually gotten so bad that I’ve started digitally signing all of the email I send out. A friend of mine says that I actually sent her a virus; as security-conscious as I am, I highly doubt that. What most likely happened was that somebody I know had my email address in their address book and then got a virus/worm that stole their address book, so that those addresses could be used to fake the From header on spam or virus emails.

Now, when people tell me to stop sending them spam, I can simply say “was it signed by me? Did it have a footer discussing digitally-signing email? If not, it wasn’t me!”

I hate spam; I wish spammers could be charged a dime for every spam/virus email sent — that would stop them! Sad thing is that there have been different systems designed to decrease or eliminate spam, but not all ISPs have implemented them. If they would, it would make a difference.
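
The "was it signed by me?" rule above, sketched as an added example that is not part of the original post: it sorts raw messages that claim the author's address into "carries a signature, go verify it" and "unsigned, so the From header is suspect". `MY_ADDRESS`, the result labels and the sample messages are constructed assumptions, and the code only detects that a signature is present; checking it against the sender's public key is a separate step.

```python
from email import message_from_string, policy
from email.utils import parseaddr

MY_ADDRESS = "author@example.org"  # assumption: placeholder for the sender's real address
SIG_PROTOCOLS = {"application/pgp-signature", "application/pkcs7-signature",
                 "application/x-pkcs7-signature"}

def signature_kind(msg):
    """Return the signature format a message carries, or None if it has none."""
    if msg.get_content_type() == "multipart/signed":
        proto = str(msg.get_param("protocol") or "").lower()
        if proto in SIG_PROTOCOLS:
            return proto
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            text = part.get_content()
            if ("-----BEGIN PGP SIGNED MESSAGE-----" in text
                    and "-----BEGIN PGP SIGNATURE-----" in text):
                return "inline-pgp"
    return None

def triage(raw):
    """Classify one raw message against the 'was it signed by me?' rule."""
    msg = message_from_string(raw, policy=policy.default)
    _, sender = parseaddr(str(msg.get("From", "")))
    if sender.lower() != MY_ADDRESS:
        return "other-sender"
    # A signature block only proves something after it verifies against the
    # sender's public key (gpg or an S/MIME client); that step is not done here.
    return "verify-signature" if signature_kind(msg) else "forged-from-suspect"

# Constructed sample messages (not real mail).
SPAM = ("From: Me <author@example.org>\nTo: author@example.org\n"
        "Subject: Great offer\n\nBuy pills now\n")
SIGNED = ("From: author@example.org\nTo: friend@example.net\nSubject: Lunch\n"
          "MIME-Version: 1.0\n"
          'Content-Type: multipart/signed; micalg=pgp-sha256;\n'
          ' protocol="application/pgp-signature"; boundary="b1"\n\n'
          "--b1\nContent-Type: text/plain\n\nSee you at noon.\n"
          "--b1\nContent-Type: application/pgp-signature\n\n"
          "(signature bytes omitted in this sample)\n--b1--\n")
OTHER = "From: friend@example.net\nTo: author@example.org\nSubject: Hi\n\nHello\n"

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("signed", SIGNED), ("other", OTHER)):
        print(name, "->", triage(raw))
```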

Alert: Antivirus 2009

If you are running Microsoft Windows and you see popup windows saying that your machine contains viruses and that you can use Antivirus 2008 or Antivirus 2009 to automatically clean them, do NOT allow it to touch your machine — it is a virus. The best bet is to close the window by clicking on the red X in the top-right corner of the window; you may have to kill the firefox/iexplore process in Task Manager (right-click on the taskbar, choose Task Manager and either use the Applications or Processes tab to End Task the browser’s process).

Many smart people are getting duped by this virus, and it can be difficult to remove from your machine once it has been infected.

The safest thing to do is to become aware of which antivirus you are running and ignore any prompt that comes from a different antivirus package.

If you get infected and need help, let me know and I can direct you to instructions on how you may be able to recover your machine. As always, having recent backups of your critical data is a good thing. 🙂