Tricks to play with Conficker B and C
Conficker C Prevention
When it comes to preventing Conficker C or Conficker B, the key is to already be protected so you do not have to worry about it. Here are a few tips that will help to prevent the Conficker C virus as well as every other threat on the web.
1. The first step you should take is to ensure that your Windows operating system is up to date. Many people turn off the automatic updates because they find them annoying or just don’t want to take the time to install the updates. These updates are very important and they help to plug security holes. Ensure you have downloaded the update at support.microsoft.com/kb/958644. This
2. The second step you need to take is to ensure you have active protection. NO FREE CLIENT gives enough active protection. In fact almost ALLLLLLLLL, and I stress that point, don’t even give you any protection on the front end. They only kick in after you have been infected. If you are using a free client or yours is about to expire then consider downloading a trial of Spyware Doctor with Antivirus. This is the client I personally use and recommend to everyone. The makers are PCTOOLS. This is a superb product and will prevent infection in the first place.
3. The next step to avoid the Conficker C virus is to avoid websites you are not familiar with and free products that you are unfamiliar with. Such items include torrent websites and files that can be downloaded from those sites, PRON sites, and just about any website that is offering free software. While many can be trusted, be sure to do your research on the product before you attempt to download it.
If you practice just these 3 prevention tips then chances are you will not become infected and your computer will live a happy life. You can see it’s not hard to do. The biggest problem many people have is they want to use a free virus client. That is a big mistake and it will come back to bite you.
What will Conficker do on April 1st
One question on many people’s minds is: what will Conficker do on April 1st?
In case you do not know what the Conficker Worm is, here is a brief description: Conficker first appeared in October of 2008. At that time it went by several names such as Downadup. This worm has mutated 2 times and in its current form it still is a worm but acts more like a trojan virus.
In a nutshell, the third version of this strain, known as Conficker.c, is far more concerned about protecting itself than spreading at this point. The web has not seen the likes of this type of infection since Zlob and Virtumonde first hit the market several years back.
On April 1st this trojan will activate and contact its maker to get an update for its code. While no one knows what will happen, I personally believe the below is the most likely scenario. As an expert at removing viruses and spyware I can honestly tell you I do not know the below will happen, but based on past viruses and spyware this bad boy will most likely follow the same path. Some of the below is already known and I will state those facts first.
Known:
The worm will block DNS so users will be unable to get updates for their operating system and most likely will not be able to get updates for their security product.
System restore points will be removed.
Access to safe mode will be disabled.
Many admin features will be disabled.
Unknown, but my guess of what will happen:
On April first, when Conficker gets its update, you will most likely find several other viruses that will be installed onto your computer. Items like a fake security software product that shows bogus scan results are all but certain to happen in my mind. Users will also find that they get nothing but redirects and pop-ups when they try to search the web.
NO ONE has a fix yet for Conficker.C. However, Conficker A and B can be fully removed using Spyware Doctor with Antivirus. As well, I have contacted PCTOOLS. They are the makers of Spyware Doctor with Antivirus and they have been able to identify and block Conficker.C. In just another day or so they will have an update that should 100% remove Conficker.C. For now, as we stated, it will fully remove Conficker A and B but will only block Conficker.C.
We still recommend using Spyware Doctor with Antivirus to remove and block this threat. If you have been infected to the point where you cannot even install any software, or you are just not that computer literate, then we recommend www.onlinecomputerrepair.org. This computer repair company is one of the few places out there that have great experience dealing with Conficker and they will be able to remote into your computer and fully remove all viruses and spyware.
The spread of Conficker
Conficker (.a, .b and .c), also known as Downadup, is spreading fast. The simplest way to stop the spread is to ensure you have the latest Windows updates. This one simple tip can really help to stop the spread of Conficker. As well, you need to make sure your antivirus client is up to date.
If you are using a free client then you do not have enough protection and we would recommend Spyware Doctor with Antivirus.
In just 4 days Conficker.b went from 2.4 million infections to over 8.9 million infections. This was reported by F-Secure.
According to F-Secure, recent variants of Conficker attach themselves to several processes, disable Windows security services such as Windows Defender, Windows Error Reporting Services, and others, and create a registry entry for faster propagation across a network.
As Symantec points out, the W32.Downadup.B variant not only exploits the original Windows Server Service RPC Handling Remote Code vulnerability, but can also spread through infected USB flash memory drives and by cracking weak network passwords. These latter methods are widely used by Conficker/Downadup to attack corporate networks.
Conficker/Downadup.B also infects mapped drives with autorun.inf files that spread the worm and blocks DNS requests to security sites to prevent downloading of updated antivirus and antimalware programs.
Perhaps the scariest facts about Conficker, though, are these:
* Conficker generates hundreds of domain names daily, but will only use a single one of the domains listed for downloading malicious files, making it very difficult to trace the actual infection sites.
* Conficker’s payload - what it was designed to do - has not been triggered and is not yet known. What the developers of Conficker could do with millions of compromised PCs, the majority of which are on corporate networks, is frightening.
If you are already infected then you need to check with your security maker, i.e. the maker of your security product. If you do not have a security product yet then you should consider Spyware Doctor with Antivirus.
In addition you may find these other tools helpful as well.
Removal of Conficker B
Good afternoon. With the help of Brandon Enright, I just posted a Downadup.B/Conficker.B IP generation and domain name predictor tool. You can use it to predict the list of domain names that the worm will contact on a given date. Downadup.B uses a completely different algorithm for selecting IPs to attack with MS08-067. Fortunately, you can also use this tool to mimic the random IP address generation algorithm to predict which IPs the worm will attempt to attack.
To predict the list of C&C domains for any given day:
    C:\> downatool.exe -domains 20090127
    zjnannre.cc
    [...]
To mimic the random IP address generation algo:
    C:\> downatool.exe -ips 1000
    195.115.162.105
    63.98.101.24
    * 240.73.140.93 (special)
    * 192.98.44.111 (rfc 1918)
    [...]
An asterisk implies that the PRNG will generate the IP, but the worm skips it due to the specified reason.
You can throw it into statistics mode (recompile with #define COUNT_MODE) instead of printing the addresses:
    C:\> downatool.exe -ips 50000
    Statistics on 50000 generated IPs:
    Num. RFC 1918: 35
    Num. multicast/other: 4309
    Num. blacklisted: 33
    Num. valid: 45623
    Num. impossible: 0 (sanity check!)
The "impossible" count is the number of IPs in the set with a 2nd or 4th octet larger than 127 - a limit set forth by the author's use of Windows rand().
You can print the list of blacklisted IPs too:
    C:\> downatool.exe -blacklist
    [0] 81.12.221.96 - 81.12.221.127 (AVIRA)
    [1] 91.199.104.0 - 91.199.104.255 (BitDefender)
    [2] 192.88.209.0 - 192.88.209.255 (CERT)
    [...]
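The octet limit described in the post above doubles as a scan fingerprint for defenders: a host whose outbound TCP/445 targets all have a 2nd and 4th octet of 127 or less is behaving the way the worm's address generator does. The following is an added example, not part of downatool or of the original post. The flow records, host addresses, function names and the min_targets threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (source host, TCP/445 destination). Destinations
# use documentation ranges; none of this is captured traffic.
SAMPLE_FLOWS = (
    [("10.0.0.5", d) for d in (
        "192.0.2.10", "192.0.2.77", "192.0.2.127", "198.51.100.3",
        "198.51.100.64", "198.51.100.120", "203.0.113.5", "203.0.113.99")]
    + [("10.0.0.9", d) for d in (
        "192.0.2.200", "192.0.2.5", "198.51.100.130", "198.51.100.7",
        "203.0.113.250", "203.0.113.12", "192.0.2.180", "198.51.100.44")]
    + [("10.0.0.7", d) for d in ("192.0.2.1", "198.51.100.2", "203.0.113.3")]
)


def rand_reachable(ip):
    """True if the 2nd and 4th octets are both <= 127.

    Windows rand() returns at most 15 bits (RAND_MAX is 0x7FFF). Assumption:
    each 16-bit half of the address comes from one rand() call, which leaves
    the top bit of octets 2 and 4 clear, matching the post's 'impossible' rule.
    """
    octets = ipaddress.IPv4Address(ip).packed
    return octets[1] <= 127 and octets[3] <= 127


def suspicious_sources(flows, min_targets=8):
    """Map each flagged source to the odds of its pattern arising by chance.

    A source is flagged when it contacted at least min_targets distinct
    destinations and every one of them is rand()-reachable. A scanner drawing
    uniformly from IPv4 space passes that test with probability 1/4 per target.
    """
    targets = defaultdict(set)
    for src, dst in flows:
        targets[src].add(dst)
    flagged = {}
    for src, dsts in targets.items():
        if len(dsts) >= min_targets and all(rand_reachable(d) for d in dsts):
            flagged[src] = 0.25 ** len(dsts)
    return flagged


if __name__ == "__main__":
    for host, odds in suspicious_sources(SAMPLE_FLOWS).items():
        print(f"{host}: all targets in the rand() quarter, chance odds {odds:.2e}")
```

Legitimate clients that talk to a handful of file servers can satisfy the octet test too, so treat a hit as a reason to inspect the host, and raise min_targets on busy networks.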