
April 1st worm


Does anyone know about the April 1st worm? Will it be safe to use the computer or to visit any sites, or is this worm already in most computers?

Maybe this is just an April Fools' joke, but do we take it seriously? Any comments?


If you are running Windows XP or Vista and have the automatic security updates off (as many people do) you could be in trouble.

 

The worm exploits a Windows vulnerability (known as MS08-067) but Windows did release a patch a long time ago.

 

The worm is very smart. It can explore network shares with weak or no passwords so it spreads with home office networks, office networks and wifi networks.

 

The worm contains a list of common passwords so if your network or wifi password is "god" (or pretty much any dictionary word) or no password at all - well you may have it if someone in your network got it (or) you may be passing it onto others.

 

What it does: it copies itself to removable media (USB sticks, flash cards, media drives, etc.) using the AutoRun function (it creates an autorun.inf file, so when you put your USB stick into another computer it shares itself with the other computer).

 

It's not a joke and it has a LOT of people worried. Turns out Microsoft put up a 250'000.00 bounty on the creator.

 

If you are infected you will want to run out and buy a backup drive right away and start moving files.

 

Don't search on Google for a "Free" scan to get rid of it, as reports say most of the "FREE SCAN" software is in fact full of viruses.

 

Here is a link to a free scan from Microsoft: http://onecare.live.com/site/en-us/default.htm (but don't try it with Firefox - you must be using IE to use this scan).

 

You can download stuff like AVG, AVAST and other free virus scanners (they should all detect this worm)


You can download stuff like AVG, AVAST and other free virus scanners (they should all detect this worm)

 

I have AVG and every day at 12pm it runs a scan on this computer. I also have automatic updates on, but I choose which ones to install. I am also behind a firewall, I wonder if that will make any difference?

I am also behind a firewall, I wonder if that will make any difference?

 

Usually no difference if you aren't infected; most of these viruses and worms now use very well known entry points, aka ports.

 

It does if you are infected and if you configure the firewall to avoid unwarranted outbound traffic. Then you are basically quarantining your infected network and protecting others.

 

There are 3 basic measures you can take:

1) Patching to avoid the problem. i.e. Vaccination / Preventive measures

2) AVG to detect and clean. i.e. Identification and Medication

3) Isolation to avoid reinfection. i.e. Quarantine

 

For effective anti-virus/anti-worm measures all 3 should be used. Most home owners do none or only one of the above.

 

My 2 cents.


I watched the Vancouver morning news today and they said that everyone should stay off the internet for the day on April 1st if they can. Are you all going to carry on as normal or is anyone going to stay off? The problem with this is you can stay off that day but if your friends get infected then the next day when you talk to them you run the risk.


Technically April 1st, 2009 has already arrived in some parts of the world... for instance it is 4 am right now in South Korea as I type this and South Korea is in the TOP 5 infected countries and it's almost April first in Seoul. No news yet of what (if anything) has happened in regards to updating.

 

All we know is on April 1st the worm seeks out new instructions from its programmer and this is done in a way that is virtually impossible to trace the person giving the worm instructions. Chances are we will not see anything happen until it becomes April 1st here.

Anyone with an up-to-date antiviral program and a properly updated Windows XP or Vista should not be too worried but depending on what this worm does tomorrow.

OK, I think my son has the worm... he can't get onto microsoft.com. Now what do we do?

 

 

Once you are infected with a worm/virus/trojan you really can't be 100% sure you got rid of it, so your best bet is to format the computer and reinstall Windows. If you have any documents on the computer or photos you should burn them to disk or put them on a backup drive (but) with this worm it will actually copy itself to your backup drive and install an autorun file on the drive, so when you connect it to the new fresh install it copies itself back in, so you must remove the auto config file in the root of the drive. I don't think it can copy itself to DVD or CD as that requires a BURN, so backup to CD/DVD is probably your best choice.

 

Don't back up software (any software could hold a copy of the virus); just format the drive, install a FRESH copy of Windows and install all your software back from the original disks.

 

It's a LOT easier to....

 

1) make sure your computer is set to automatically get the Microsoft updates and patches

2) not open any email attachments that are not photos: GIF, BMP, PNG, JPGs (those are really the only ones that are 100% safe along with .txt files - everything else can pretty much contain a virus)

3) have a good antivirus installed and have it update regularly

 

If you do not do those three things you will get a virus (it's just a matter of time and it's a nightmare trying to deal with a compromised system).
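An added example, not part of the original post: a Python sketch for the backup-drive step described above, listing what an autorun.inf in a drive's root would launch so the file can be reviewed and removed before the drive is connected to a fresh Windows install. The function names and the sample file contents are constructed for illustration, and it is meant to be run from a system that does not act on autorun.inf.

```python
import os
import re

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed sample contents (not taken from any real infection).
SAMPLE = b"\r\n".join([
    b"; constructed sample",
    b"[AutoRun]",
    b"label=Backup",
    rb"Open=payload\run.exe",
    rb"shell\open\command=payload\run.exe",
    b"icon=shell32.dll,4",
])


def autorun_launch_commands(data: bytes) -> list:
    """Return (key, command) pairs that the [autorun] section would launch."""
    # UTF-16 files start with a BOM; otherwise latin-1 never fails on junk bytes.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or SHELL_VERB.match(key):
                found.append((key, value))
    return found


def scan_drive_root(root: str) -> list:
    """Find autorun.inf (any letter case) in a drive root and list its launch commands."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return autorun_launch_commands(fh.read(1 << 20))
    return []
```

An empty result from `scan_drive_root` means no launch entries were found in the drive root; it says nothing about other files on the drive.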

Finally after researching the problem online I found a recommendation for malewarebytes to fix the problems I was having and it worked perfectly and I highly recommend it for those that have Windows because malware can be a major pain.

 

Is that maleware or malware? 8) j/k, please post the link to what you have found out. Nothing here yet (knock on wood). I have AVG free edition, and only ever encountered one trojan horse that was a downloader from Limewire; it has been treated and removed.


We have one really old workhorse computer at work that got hit; believe it or not, it's still running Win 98 to support some very specialized, but old software :) I have two associates who weren't so lucky either with their home networks/computers, unable to log into Microsoft or Symantec; they got nabbed, but there seem to be some viable solutions out there. Failing that, a good old format and fresh install of Windows will do the trick! Gotta love technology.


I have not seen the news to hear anymore of this worm, what is the verdict on this? Is anyone from Cerb missing? lol Anyone done a head count here? ha ha


The worm was activated but is still waiting for instructions from the creator. He/She could use it at any time if they choose (they seem to just be lying low right now).


Well I ran the scanner that MOD suggested above and it found a worm and cleaned it! Not the April 1st one, but some other one.

 

My machine is so much quicker now.....thanks a bunch!


What worm was it? I don't mean to scare you, cap, but you should probably format your computer and re-install Windows. See, worms/trojans/viruses etc. can give enough access to your computer so that the hacker/script kiddie can install another program that the scanners will not pick up. The scanners find it and "Clean" it but only clean what they know is a virus/trojan/worm... anything installed by that virus/trojan/worm will avoid detection.

 

You need to have an updated antivirus on your computer to catch them BEFORE they are installed on your computer.

 

Now... I asked what one it was because many worms are stopped by stuff like firewalls and some you contract after they become obsolete (never activated), so you may get off lucky. Unfortunately 9 of 10 times if the virus/trojan/worm has already entered into your system and executed it can not be cleaned, as it will randomly make new files and worm its way through your computer infecting other misc. files, making it impossible to clean.

 

If you do ONLINE BANKING or use your CREDIT CARD with your computer you may want to keep a very close eye on your financials... and if you notice your computer going really slow lately it could have a spam (email) worm that the spammers use the worm to make your computer send spam (so they can not be traced).

 

Most of the worms these days are used by spammers and phishing for credit card info.

 

Some will allow the hacker complete control over your system (can even turn on your webcam without you knowing) - this is why some webcams now come with a shield that you can flip down over the lens, and many now have a bright light on them to signal that they are on and streaming.


A quick question to those techies (of course I'm not one of them): how does Norton by Symantec rate? The 2009 version, of course.

It has identity safe, intrusion prevention, anti virus, spyware. Overall your internet security system, I guess... is it all I require?

A quick question to those techies (of course I'm not one of them): how does Norton by Symantec rate? The 2009 version, of course.

It has identity safe, intrusion prevention, anti virus, spyware. Overall your internet security system, I guess... is it all I require?

 

Well I personally have always used Norton and this year it changed quite a bit again. I did like several features it offered but after installing it my system was extremely slow and I was having a lot of problems getting into my Hotmail. A computer tech uninstalled my Norton and installed something else and my machine is running happy and fast again. Some people swear by Norton and others hate it. 2 techs told me that Norton was good when it first came out, a Dr. named Norton designed it, but then every year after they changed it a bit as technology changed and then many stopped using it. I paid, can't recall, think something like 80$ or 90$ for it and used it for 1 month and now it is sitting here useless. Perhaps I could have just changed some settings and made it better but several people told me not to use it anymore and also said there were lots of tracking devices in it too. So time will tell; I will wait a month or two and see if things remain good, then I will know whether or not to go back to Norton.

A quick question to those techies (of course I'm not one of them): how does Norton by Symantec rate? The 2009 version, of course.

It has identity safe, intrusion prevention, anti virus, spyware. Overall your internet security system, I guess... is it all I require?

 

Norton is excellent but a resource PIG. It will significantly slow down your system (as Brandi had noticed). It was bad years ago and just seems to be getting more and more demanding (I guess as the computer technology increases the speed of the computers, the Symantec company takes advantage of this and makes Norton even more powerful). If you're running a brand new computer with power (Duo or Quad processor and lots of RAM) you probably will not notice Norton (especially if it came pre-installed on your system), but if you have a computer that is a little older (even 2 years old) you will probably want something less taxing.

 

If you need top level security and are willing to sacrifice speed and performance for this I would say Norton is a good choice but if your computer is slow you may want to try something like avg or avast (they are decent scanners and the companies keep them up to date but they run at much lower overhead).

 

Keep in mind that Norton (or any other antivirus program) will not protect you 100%... Most people get the false idea that because they have an antivirus they can open email attachments and stuff. THIS IS NOT TRUE! - the antivirus gets updates (preferably daily or twice a day even) and if you open an email attachment BEFORE the antivirus program has the ability to detect it you are going to get infected. Those UPDATES are virus database definitions, and a few thousand people (or sometimes millions) get infected before the antivirus companies can get a virus definition out to the public... so you are NEVER 100% safe with ANY OF THEM.

 

Really, you can prevent most viruses by

 

1) Not opening email attachments

2) Not installing pirated software

3) Not installing software from the internet

 

RECAP: Most viruses are spread BEFORE the antivirus companies have a cure for them. This is done by email and software (usually P2P like Limewire).

 

I use AVG and AVAST on the PCs at my home and AVG on my computer at work (I prefer AVG). I really like f-secure as well but had problems running it on my last PC. I don't run any antivirus on my MAC or on my LINUX machine. In fact I like to open the viruses up on the Linux machine and try to figure out what they do. LOL...

don't run any antivirus on my MAC or on my LINUX machine. In fact I like to open the viruses up on the Linux machine and try to figure out what they do. LOL...

 

So what happens in that circumstance? Are most viruses made for PCs that run a Windows OS? I hear people talking about how MACS don't get infected at all.


Macs do get infected but it's rare, as they are really not targeted by the people who write viruses. If you're going to spend the time to write a program like a virus you want it to infect as many computers as possible... since most people use PCs and Windows makes them an easy target, it's just the obvious choice.

 

Viruses written for "Windows" will not affect the MAC or any Unix based machine (Linux/Mac/Solaris/sgi/etc.). Macs can get spyware and malware as well, and if you run Windows virtually on your Mac it is just as risky as running a regular copy of Windows.

 

Unix machines (Keep in mind that a MAC is UNIX based) can get what is called a "rootkit" installed (trojan/virus). This would take over the root user and give full access to the machine.

 

A Mac OSX malware known as Opener is a rootkit. It contains a variety of destructive functionality including a keylogger and backdoor components. If you suspect your MAC may have a rootkit you can install a Rootkit Hunter program to find out. Problem is, if you have a rootkit installed you need to format and reinstall, as you will never clean it fully. When a Unix machine is hacked, it is impossible to clean, as anyone with root access can hide everything they did, making it impossible to track what is and is not infected.

Guest S*rca****sid

I can't speak for MAC, but as for Linux, if you are running Windows as a virtual machine the virus will only affect the Windows program. The Windows program is contained within the virtual machine.
