April 1, also known as “today,” was supposed to be the date of the Conficker worm’s debutante ball. It’s the date that many had predicted would bring so many Windows-based computers to their knees. Yet, here we are, around noon EDT, and we haven’t seen much in the way of the widespread confusion and panic that we were promised. (Note: for confusion and panic today, go to London.) What’s going on?
First, what is Conficker? Long story short, it’s a computer worm that has been around for a few months now; it targets Windows PCs. (Sorry, Lauren!) No one knows for sure what the grand aim of the worm is: is it merely a prank, created to cause wanton destruction? or is it something more sinister, perhaps, dare say, designed to commandeer a number of PCs to use as a Zombie Hoard? (To echo Homer Simpson, first you get the PCs, then you get power, then you get the women. Or money, as it were.) Again, no one knows.
In any event, April 1 is merely the day that a switch flipped in the worm that makes it harder to remove and detect—not exactly the Doomsday scenario that some had predicted.
And while the world as we know hasn’t collapsed, there have been a few instances of possible Conflicker-related mishaps:
• An Air Force base in Alaska, one that’s loaded with nuclear missiles, briefly went on Defcon 3, or full-scale military alert. Depending on whom you want to believe, blame either Conficker or an over-caffeinated engineer. (The Defcon 3 status did not last long.)
• An ATM in Iceland starting pumping out 100-Krona notes. (Don’t get too excited: 100 Krona is only about $0.82 USD.)
• Big Ben stopped ticking, but that could just be a coincidence. Parliament wants a full investigation. Methinks Parliament has better things with which to concern itself.
Our own Scott Merrill was on a California radio station yesterday, more or less telling people the usual: keep your machines up-to-date by running Windows Update, install an anti-virus software program (like Norton), etc. Common sense stuff, really.
Watch, after this fairly mild post publishes pigs start flying, cats and dogs break bread, etc. Chaos!
conficker not confLicker – there is no L. Unless you’ve been licking a lot of conf lately. Sounds delightfully vulgar.
Its Conflicker… Conficker, Kido, Downanup, Downandup, downup… it has many many names, but confLicker has been the predominant name in the US.
microsoft.com has been down all day
microsoft.com has been down if you have the worm…
I don’t have it – and its not just me reporting it. Could be we’re just seeing it from our location (Grand Rapids, MI)
Site works fine for me. Loaded faster than just about anything else.
Do you use AriaLink? We can’t access their site either, but it’s due to a shitty ISP.
Well it ruined my day yesterday running around update all the computers i could in just a couple hours. Needless to say nothing happened
WSUS could have saved you lots of time with those updates.
I hear ya, I spent the past month watching, studying and preparing for April 1… Yesterday was crazy (like yourself, I was making double sure that i had all my updates/posted and running. ARGH… but honestly i think we still are not out of the woods…
The patches came out in October 2008. Procrastinate much?
Conflicker has resulted in the loss of many clinical facilities records. Also, currently the call center I work from is experiening an issue where when we sent an attachment via email the recipient begins to recieve all files on our computer instantly. The only way to stop this is to unplug the sending machine immediately.
Just an update from our end.
sickk kidss??????
travis,
did you do updates as specified by Microsoft, and Symantec? I have a windows shop and all day today I have been watching my router logs to see any influx in data transmission (like what you stated) Good luck..
yall are freaks if you eat that or even touch it……
I would expect better from a tech website than to recommend that old resource hog that is Norton.
tsk tsk
Sponsors ftw!
Norton Internet Security 2009 is supposed to have fixed the notorious resource gluttony. In Australia our computer journals are all running reviews saying Norton deserves “a second chance”. (And no, I use AVG Free at home and McAfee at work, so I’m not a stooge for the company.)
Given the unexpected ability to know the technical savvy-ness of the IT Professionals who post on this forum, I though it appropriate to address an issue with a well known security provider in the industry. In no way am I suggesting that Norton is the way to go; however each security provider’s response to this worm is the same: (Update with Microsoft MS08-067)
No Pun Intended.
linux.. no worries.
I would have to say the samething as Speedracer concerning the statement made by bonyboy. He was just quoting Symantec and MacAfee which are the big names in the public eye when it come to AntiVirus security and such and quoting MS.
I don’t feel he was “Promoting” Norton at all with his previous statement!
http;//www.microsoft.com don’t load for me from my isp. Fuse.net from Cincinnati Bell. I have a feeling that it do to this worm and its effecting certian isps from accessing the site.
Open source remover, detector, vacination:
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/
:)
Spent the whole day and night till 3 AM patching our over 50 servers…gotta love viruses…or potential ones…
I feel you your pain Rog! I was at work from 7 am until 9 – 9:30 patching workstations and servers and making sure all of the machines were up to date!
The main problem that I have with it is the fact that we are looking at a BOTNET– or a Super BOTNET. (Lovely Windows computers which are out of date due to *who-knows what) With a botnet like this one, there is almost no limit to what, where, the author(s) might strike. This Worm is extremely sophicated and has for the most part out-witted over 50 million computer users. I am not taking this worm lightly
Guess, What the worm is designed to infect .JS files on your webserver and ping 2 websites with extensions .cn
Look closely at the bottom of you browser where it says done, while loading a website infected by this kido/Conflicker it tries to ping
litehitscar.cn/index.php
this site does not exist but it downloads updates from these sites.
I need to find an antivirus that works on the webserver.