Author Topic: April Fools Virus (Read 959 times)

1pLUs44 · « **on:** March 31, 2009, 09:10:10 PM »

Turn off your computers at midnight, make sure you're completely updated.

It's apparently pretty nasty, so, hope you already didn't get it. (Hopefully, Firefox did it's part pretty well.)

I'm updating AVG, and downloading the windows update right now.

StokesAk · « **Reply #1 on:** March 31, 2009, 10:03:48 PM »

April Fools.

SPKmes · « **Reply #2 on:** March 31, 2009, 10:10:16 PM »

Don't worry. I live your future and the day passes with no such event.

JunkyII · « **Reply #3 on:** April 01, 2009, 12:08:39 AM »

Quote from: SPKmes on March 31, 2009, 10:10:16 PM

Don't worry. I live your future and the day passes with no such event.

Yea im in korea and nothing has happened, i think you need to lay of the paodi

WilldCrd · « **Reply #4 on:** April 01, 2009, 12:28:35 AM »

The early reports from other parts of the world claimed that the worm didn't really cause any issues. It does have a key logger tho.
It was also reported that one way to know your infected is that you can get the microsoft update site and cant update you anti-virus thru the web.
The only workaround is to have the update emailed to you or transfer it from a removable media.
Seems its more of a inconvenience than a major threat.....but who knows tomarrow we may wake up back in the dark ages if you beleive some of the doomsayers regarding this virus

.

The only skeery kinda thing is that nobody really knows WTF this thing actually does. only that its dormant till april and some website or soemthing on the web activates it, "they" dunno what though

Nilsen · « **Reply #5 on:** April 01, 2009, 12:32:12 AM »

Are we all gonna die now like we were supposed to with the millenium bug ?

trigger2 · « **Reply #6 on:** April 01, 2009, 12:55:12 AM »

Well, even so, the confiker's a right nasty bug, to the point where microsoft's got a 250,000 USD reward out for whoever has info leading to the arrest of whoever made it...

But I think all will be well...

Dadsguns · « **Reply #7 on:** April 01, 2009, 08:24:57 AM »

I would turn myself in for that kind of money......

Denholm · « **Reply #8 on:** April 01, 2009, 08:51:44 AM »

Too bad Microsoft doesn't get smart and install the virus on one of their computers. In doing this they can sniff the packets of the computer which is infected. Once the virus contacts the website for instructions on how to operate, remove the virus and look at the packet log. Within that packet log is information of when the virus contacted the website's server, the IP of the server, and what the virus was looking for. With that information Microsoft could contact the owner of the server's IP and ask for information regarding recent domain registrations. Now you have your list of suspects.

Mickey1992 · « **Reply #9 on:** April 01, 2009, 09:00:49 AM »

Quote from: Denholm on April 01, 2009, 08:51:44 AM

Once the virus contacts the website for instructions on how to operate, remove the virus and look at the packet log. Within that packet log is information of when the virus contacted the website's server, the IP of the server, and what the virus was looking for.

The first two versions of the virus pinged 250 unique IPs a day looking for updates or instructions. The 3rd version pings 50,000 unique domains a day. It's a fairly advanced virus.

https://www.honeynet.org/files/KYE-Conficker.pdf

The majority of infections are in Asia. It is estimated that more than 85% of the copies of Windows installed in Asia are counterfeit, and they therefore can not get security updates so they are more vulnerable to attacks.

Denholm · « **Reply #10 on:** April 01, 2009, 09:04:45 AM »

Well, I know that. However only one IP will respond with instructions. The packet sniffer will pick that up thus giving you the IP of where the instructions came from. Yes, it's time consuming to sift through the information the packet sniffer picked up. However if you want to catch the guy, that would be the easiest way to do it.

Enker · « **Reply #11 on:** April 01, 2009, 02:55:36 PM »

Now, what if instead of one IP address giving instructions, multiple IP addresses only have parts of the instructions? Or is that not possible yet?

Tr1gg22 · « **Reply #12 on:** April 01, 2009, 03:07:44 PM »

Quote from: JunkyII on April 01, 2009, 12:08:39 AM

Yea im in korea and nothing has happened, i think you need to lay of the paodi

StokesAk · « **Reply #13 on:** April 01, 2009, 03:09:30 PM »

You have been infected!!!!1

trax1 · « **Reply #14 on:** April 01, 2009, 03:17:16 PM »

Quote from: Denholm on April 01, 2009, 09:04:45 AM

Well, I know that. However only one IP will respond with instructions. The packet sniffer will pick that up thus giving you the IP of where the instructions came from. Yes, it's time consuming to sift through the information the packet sniffer picked up. However if you want to catch the guy, that would be the easiest way to do it.

The thing is that the way the creator of the virus is giving it instructions is he breaks into one of those 50,000 domain names that the virus goes to to get it's instructions, now there's no way to monitor all 50,000 domains, someone who creates a virus thats this good is more then capable of staying undetected, hell Microsoft is offering a $250,000 reward for information leading to the arrest of the virus's creator, I doubt they'd offer that large a reward if it was that easy to trace him.

Aces High Bulletin Board

Author Topic: April Fools Virus (Read 959 times)

1pLUs44

April Fools Virus

StokesAk

Re: April Fools Virus

SPKmes

Re: April Fools Virus

JunkyII

Re: April Fools Virus

WilldCrd

Re: April Fools Virus

Nilsen

Re: April Fools Virus

trigger2

Re: April Fools Virus

Dadsguns

Re: April Fools Virus

Denholm

Re: April Fools Virus

Mickey1992

Re: April Fools Virus

Denholm

Re: April Fools Virus

Enker

Re: April Fools Virus

Tr1gg22

Re: April Fools Virus

StokesAk

Re: April Fools Virus

trax1

Re: April Fools Virus