CONFICKER VIRUS THREAT FOR WINDOWS VISTA AND WINDOWS 7: SECURITY EXPERTS PUZZLED

So you think that you have the latest security software to keep your PC or Mac safe? Well, think again. The Conficker virus has opened a new can of worms for security experts, as low-security networks, memory sticks, and PCs without current security updates are in grave danger of being severely damaged by the Conficker virus, also known as Downadup or Kido, which was first discovered in October 2008.

Portable storage drives such as USB sticks infected with the virus trick users into installing the worm. According to security experts, a ‘social engineering trick’, which exploits the way humans think and act, is said to be the biggest challenge that this virus puts before us. Even though the bogus option is marked as being in the category ‘Install or run program’, many users will see the familiar ‘Open folder to view files’ wording and icon and click on it without thinking.

The "Autoplay" function in Vista and early versions of Windows 7 automatically searches for programs on removable drives. However, the virus hijacks this process, masquerading as a folder to be opened. When clicked, the worm installs itself.
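A defender-side check for the trick described above, as an added example that is not part of the original article: it parses an `autorun.inf` taken from a removable drive and flags an entry whose AutoPlay label imitates the "Open folder to view files" wording while also launching a program. The sample file contents, the icon heuristic and the helper names are assumptions constructed for illustration.

```python
import re

# Wording of the legitimate AutoPlay entry that the bogus option imitates.
FOLDER_LABEL = "open folder to view files"
# autorun.inf keys that cause a program to be launched.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            in_section = header.group(1).strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def inspect_autorun(text):
    """Return a list of findings for one autorun.inf file."""
    entries = parse_autorun(text)
    findings = []
    launch = [k for k in LAUNCH_KEYS if entries.get(k)]
    label = " ".join(entries.get("action", "").lower().split())
    if launch:
        findings.append("launches a program via: " + ", ".join(launch))
    if launch and label == FOLDER_LABEL:
        findings.append("label imitates the 'Open folder to view files' entry")
    # Assumed heuristic: a folder-style icon taken from a Windows library.
    if launch and "shell32.dll" in entries.get("icon", "").lower():
        findings.append("icon is borrowed from a Windows system library")
    return findings


# Constructed samples, not taken from a real infected drive.
SUSPICIOUS = """[AutoRun]
Action=Open folder to view files
Icon=%SystemRoot%\\system32\\shell32.dll,4
ShellExecute=example.exe
UseAutoPlay=1
"""
BENIGN = """[autorun]
label=Holiday photos
icon=photos.ico
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, inspect_autorun(sample))
```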


How does the worm work? - Method of infection

Microsoft says that the worm works by searching for a Windows executable file called "services.exe" and then becoming part of that code. It then copies itself into the Windows system folder %Sysdir% as a randomly named file of a type known as a "dll". It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

The virus attempts connections to one or more websites such as getmyip.org, getmyip.co.uk and checkip.dyndns.org to obtain the public IP address of the affected computer. As soon as the worm is up and running, it creates an HTTP server, then resets the machine's System Restore point (very hard to recover) and then downloads files from the hacker's web site. Later variants of the W32/Conficker worm use scheduled tasks and an Autorun.inf file to replicate onto non-vulnerable systems or to reinfect previously infected systems after they have been cleaned.

How does Conficker differ from other virus/worms?

Most malware downloads files from easily detectable malicious or attack sites, which makes it fairly easy to spot the download and shut it down immediately. But the worm uses a complicated algorithm based on timestamps from websites such as google.com to generate hundreds of different domain names every day. Only one of these will actually be the site used to download the hackers' files, making it extremely difficult to trace the target site.
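One way to hunt for the network behaviour described in the two sections above, as an added example that is not part of the original article: it scans DNS query logs for hosts that look up the IP-echo sites named earlier and that also request many distinct names that do not exist, which is what a client working through a daily list of generated domains produces. The log format, the threshold, the NXDOMAIN signal and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# External-IP lookup sites named in the article.
IP_CHECK_SITES = {"getmyip.org", "getmyip.co.uk", "checkip.dyndns.org"}
# Assumed threshold: distinct non-existent names per host per day.
NXDOMAIN_THRESHOLD = 5


def parse_line(line):
    """Parse 'date time client qname rcode' (a constructed log format)."""
    date, _time, client, qname, rcode = line.split()
    return date, client, qname.lower().rstrip("."), rcode.upper()


def find_suspect_hosts(lines, threshold=NXDOMAIN_THRESHOLD):
    """Return {(date, client): reasons} for hosts showing worm-like DNS use."""
    failed = defaultdict(set)      # distinct names that did not resolve
    ip_checks = defaultdict(set)   # IP-echo sites the host looked up
    for line in lines:
        if not line.strip():
            continue
        date, client, qname, rcode = parse_line(line)
        key = (date, client)
        if rcode == "NXDOMAIN":
            failed[key].add(qname)
        if qname in IP_CHECK_SITES:
            ip_checks[key].add(qname)
    suspects = {}
    for key in sorted(set(failed) | set(ip_checks)):
        reasons = []
        if len(failed[key]) >= threshold:
            reasons.append(f"{len(failed[key])} distinct NXDOMAIN lookups")
        if ip_checks[key]:
            reasons.append("queried " + ", ".join(sorted(ip_checks[key])))
        # Require both signals so a single mistyped name or a one-off
        # IP lookup does not raise an alert.
        if len(reasons) == 2:
            suspects[key] = reasons
    return suspects


# Constructed sample log; addresses, names and dates are made up.
SAMPLE_LOG = """\
2009-01-15 09:00:01 10.0.0.21 checkip.dyndns.org NOERROR
2009-01-15 09:00:05 10.0.0.21 aqzkvbr.example NXDOMAIN
2009-01-15 09:00:06 10.0.0.21 pmxwtlo.example NXDOMAIN
2009-01-15 09:00:07 10.0.0.21 hcjduyq.example NXDOMAIN
2009-01-15 09:00:08 10.0.0.21 vrnsgke.example NXDOMAIN
2009-01-15 09:00:09 10.0.0.21 tbfoziw.example NXDOMAIN
2009-01-15 09:02:11 10.0.0.34 www.google.com NOERROR
2009-01-15 09:03:40 10.0.0.34 intranet-typo.example NXDOMAIN
2009-01-15 09:05:00 10.0.0.47 getmyip.org NOERROR
"""

if __name__ == "__main__":
    for key, reasons in find_suspect_hosts(SAMPLE_LOG.splitlines()).items():
        print(key, reasons)
```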

Impact and damage caused by the worm so far

It is estimated that a whopping 9.5m PCs are infected with this virus. Once the Conficker worm is executed on a PC, it disables essential security services such as Windows Automatic Updates, Security Center, Defender and Error Reporting, to name a few. Along with downloading and installing malware on your computer and gathering your personal data, Conficker attaches itself to key Windows processes like svchost.exe and explorer.exe.


Removal

It is of paramount importance to turn off the autorun and autoplay features on your PC to prevent the worm from gaining a foothold on your system. Windows users are urged to download the KB958644 Security Update from Microsoft to mitigate the risk of infection.

Microsoft's Malicious Software Removal Tool (KB890830) and the F-Secure malware removal tool are some of the software available to keep Conficker at bay. Keeping your antivirus software updated regularly, so that it tracks the constantly evolving virus definitions, is a good preventive measure that goes a long way towards keeping your PC safe. As they say, 'better safe than sorry'.

Source: threats.blogspot.com

Reducing Virus Threats

Every computer user dreads the moment when a virus will manage to penetrate the computer system and become the uninvited party crasher. In an effort to minimize the probability of having to experience such a stressful moment, most computer users have now installed software programs on their computers that act as shields against such malicious threats. These defenders, called antivirus software programs, are designed to recognize and thus prevent malicious computer code from being executed without the user's knowledge or permission. Most of today's computer users have at least one antivirus system installed on their computer's hard disk.

Just like mothers advise their children to dress warmly and drink lots of fluids, like orange juices which contain high quantities of Vitamin C, in order to protect their health during the cold winter season, so should a computer user take good care of his or her personal computer. First, it is important to be aware of the different types of viruses that exist and also to know how they work. But most importantly, one has to keep his or her computer current with the latest updates and antivirus tools. Knowing what the recent threats are is not enough. It is of immense significance to frequently update the antivirus program installed and to follow some simple basic rules when surfing the Internet, downloading files, and opening attachments. According to those who have suffered from malicious code, it does not matter what type of virus your computer has been infected with, or by which method it reached your computer's hard disk; what is critical is that you are able to remove it and to prevent any further damage from taking place.

To that end, computer developers have created antivirus software systems, Internet firewalls, and antispyware programs. Each of these methods can decrease the possibility of a computer being affected by a dangerous virus, but nothing can guarantee 100 percent that a computer will stay virus-free forever. The only thing one can do is to continue improving his or her computer's security by keeping the firewall system up to date and maintaining a current antivirus software subscription. Following the generally accepted guidelines of never opening an email attachment from an unknown sender and avoiding downloads of programs from untrusted sources can lead to safer online navigation. These simple rules, along with performing frequent system updates and keeping backup data files, might be the only methods computer users have to continue enjoying a virus-free life.

Source: http://goo.gl/CVNp0

Adware Spyware and Virus Threats - Must Know Facts For PC Protection

Anyone who uses a computer, whether for professional or personal use, knows that there is a real threat from spyware, adware and computer viruses. All three are similar in that all of them are complete nuisances for users. Yet they are different, but how?

Spyware Rundown

Did you know that spyware is not designed to intentionally harm a computer? However, what it does is open pathways for someone besides the owner of the computer to communicate with it. Typically spyware will record the types of web sites the owner visits, which then get sent to web advertisers, allowing them to send you unwanted e-mails and annoying pop-ups.

No wonder spyware is looked upon as such a bad thing, ranked at the top with viruses and Trojan horses. It is actually more intrusive than adware is. Adware does not have the capability, as spyware does, to have its own executable programs that monitor and record keystrokes. Spyware will also scan hard drives and look at the computer's applications that a user would normally use. These include chat programs, cookies and the web browser's settings.

Once spyware has all the information it needs, it will send it back to the spyware creator. This data can then be used for various things, including marketing and advertising purposes, and can even be sold to other parties.

Adware Overview

Although it is annoying, adware is a legitimate form of freeware. Much like spyware in its original design for advertising, it comes packaged with a piece of software or a program. Once these programs are installed, the adware is also installed. Sometimes, though, some forms of adware come from downloading advertising pieces that go with a particular application. Once the application is used, so is the adware. No doubt, adware is like spyware in that it tracks and records user information for its program authors.

Computer Infection Signs

So how do you know if you have spyware on your computer? One big sign is pop-ups. If you are visiting a site and a pop-up occurs that is not related to the site you are visiting, a bulb should flash over your head as a wake-up call. More often than not, spyware advertisements will have adult-oriented themes. Should you notice your computer taking longer to load, or that it's running really slowly, then spyware and other components related to it have made their way in. Make sure to have a spyware remover program that will scan for and remove the infected files.

Computer Virus Infections

Many people are quite aware of the danger that comes with having a virus on their computer. They know the destruction these little buggers can do. They were created with only one purpose in mind: to create mayhem on your computer. Viruses will destroy what they come into contact with and then begin to self-replicate. They will touch as many components of your computer software, including the operating system, as they can before they are detected.

How To Be Rid of Annoying and Destructive Items

There are plenty of anti-virus products on the market, many of which provide spyware and adware scan-and-remove utilities. Others focus mainly on locating and then deleting or destroying these two kinds of program. Whether you have an all-in-one anti-virus program or a dedicated scanning program, have it search your computer on a regular basis by setting up a timer so it can search, find and destroy. Remember to update your products often.

Source: http://goo.gl/9MrCD

Virus Protection is Crucial For Virus Removal

It's not easy for a casual computer user to recognize a virus attack on his or her computer, especially given the subtle signs of a computer virus. These subtle signs can be the computer freezing or the screen suddenly blinking, among many others. They sometimes go unnoticed by expert computer users as well, so asking a casual user to identify the virus threat is a little unfair. The most general symptoms that indicate your system has been attacked by a virus are programs closing without prompting, the system restarting automatically, and so on. If you have been experiencing all of these on your system, then it's time to purchase a legitimate and really effective virus protection product for your computer. Antivirus programs are capable of providing complete protection to your system by deleting any potential threat identified on your computer. Modern antivirus software is capable of handling the virus that is actually infecting your computer and protecting your system against any sort of file or data damage.

Virus protection programs prompt the user about any sort of virus threat identified in the system, take the necessary action to cure it and delete the virus from the computer, keeping your data and files intact from any sort of potential damage. Most antivirus products come first as a trial pack and then as a complete pack, so that the user can use the program and check its effectiveness and, if it is found effective enough, purchase the complete pack of the virus removal program.

If you are not using an antivirus program for your computer, then you are leaving your computer vulnerable to hazardous viruses that can attack your PC from the internet, from data transfer devices or through the network to which you are connected. A virus can easily destroy your system without letting you know what exactly happened and why your system crashed. Most software corporations recommend ample virus protection to computer users so that they can use the computer and the internet without any danger of a virus attack that can easily affect their PC.

So whether you are using a computer for personal use or you are using a huge computer network to run your organization, you should get effective and strong virus protection. The worst thing about a virus attack is that some viruses are capable of transferring all your computer data over the internet, causing a more personal attack by stealing your identity or banking details. This is why you must remove any sort of virus from your system, and for this you need to get the best antivirus program available on the market.

So if you are a computer user and are concerned about your computer's safety, then virus protection is what you need, and nowadays it's easier and cheaper to get legitimate, effective and capable virus protection from the market. Go get it and enjoy safer and faster computer operation without any sort of threat.

Source: http://goo.gl/3JxyQ

2010 Virus Threats - How to Stop Them Before They Stop Your PC

Most people buy antivirus software and then never worry about it again. This is fine, except when disaster strikes their PCs and they have no idea what happened. Understanding the virus threats out there can help you to make sure your PC stays safe in 2010.

What You Absolutely Need to Know
Do you have up to date antivirus/antispyware software installed on your computer? If you don't know the answer for sure, you need to check. Most antivirus will tell you when it is out of date. When you first turn on your PC, make sure your antivirus is up to date.

What to Expect in 2010
Look for viruses, trojans, etc. to get even more malicious. The target of viruses in 2010 will primarily be to steal personal information. This will continue the 2006 onward tradition of trojans being the number one online threat. Trojans are dangerous little creatures that hide in otherwise innocuous downloads, only to spring into action in order to steal information on your computer.

What Hackers Love and You'll Hate
Hackers love the fact that people spend so much time online these days. This means ample opportunities for you to slip up and for them to cash in on that mistake. In 2010, most threats will be designed primarily by organized criminal organizations who are interested in stealing your money. There will always be the 14-year-old nephew who figured out how to hack a computer. Beware though: in 2010 the rise of the cybercriminal organization will reach its tipping point.

How to Stop Threats Before They Stop You
The threat: Hackers stealing your personal information. The target: your online banking login and banking information stored on your computer. Many antivirus products offer a personal vault to store information. This is a recommended step because it encrypts a file (makes it nearly impossible to read). Here is how to keep your info safe.

1. Invest in an IronKey at http://www.ironkey.com

2. Keep your firewall up and running

3. Do not click on any ads and/or links in emails that don't pass the gut test.

Common sense is the best way to keep yourself safe. When viewing an ad online, ask yourself: would I approach a store in real life that had these kinds of ads? In general, ignore all ads about Acai berry, working from home, and filling out surveys. These sites usually lead to more trouble than they are worth.

Source: http://goo.gl/8UG82

Protection Against Computer Virus

There are many companies that have programs and software that protect against computer viruses.

Some of the most publicly popular are Symantec / Norton, Kaspersky, and McAfee, but almost any company that is CISSP-certified will be beneficial and is trustworthy. These antivirus products aim at preventing and detecting malware (trojan horses, worms, adware, spyware, etc.) through analysis, specifically heuristics, and at ridding your hard drive or "hot-spot" of attacks and viruses.

Norton, statistically, is the most favored protection, which is why it can be found on Windows and Mac models. You can purchase these programs that will protect against computer viruses at your local office stores like Office Max, Wal-Mart or even online.

Some software companies (e.g. Kaspersky) have online scans that protect against computer viruses. You can download various scans from the companies' sites for free. This is a lucrative and easy step to protect against computer viruses, even if the scan is just interim.

If you would like more information, I would suggest going to a bookstore or library and reading the most up-to-date sources on protecting against computer viruses. If you have any system that can "hook up" to the Internet, it is imperative to have software or a scanner to protect against computer viruses so you can enjoy a crash-free, healthy computer.

Sources: http://goo.gl/1whUU

"Gumblar" Computer Virus A Growing Threat

Experts Say Web Site Compromise Attack Spreading To New Computers, Already Worse Than Conficker

The Web site compromise attack known as Gumblar has added new domain names that are downloading malware onto unsuspecting computers, stealing FTP credentials to compromise more sites, and tampering with Web traffic, a security firm said on Thursday.

The Gumblar attack started in March with Web sites being compromised and attack code hidden on them. Originally, the malware downloaded onto computers accessing those sites came from the gumblar.cn domain, a Chinese domain associated with Russian and Latvian IP addresses that were delivering code from servers in the U.K., ScanSafe said last week.

As Web site operators cleaned up their sites, the attackers replaced the original malicious code with dynamically generated and obfuscated JavaScript, making it difficult for security tools to identify. The scripts attempt to exploit vulnerabilities in Adobe's Acrobat Reader and Flash Player to deliver code that injects malicious search results when a user searches Google on Internet Explorer, as well as search the victim's system for FTP credentials that can be used to compromise additional Web sites.

The domain was changed to martuz.cn before both domains were shut down. And now, the malware is coming from sites including liteautotop.cn and autobestwestern.cn, among others, according to ScanSafe.

"Fortunately, it appears the name servers themselves are being shut down," the company said in a statement. "However, even after Gumblar-related attacks subside, cyber criminals will still possess the botnet of infected computers obtained via Gumblar."

ScanSafe contends that Gumblar is worse than Conficker, a worm that spreads via a hole in Windows, through removable storage devices and network shares with weak passwords, as well as disables security software and installs fake antivirus software.

Gumblar, which was responsible for 37 percent of all malware blocked by ScanSafe during the first two weeks in May, has more intrusive behavior--it intercepts and monitors Web traffic, as well as installs a data-theft Trojan that steals usernames and passwords from infected computers, ScanSafe said.

In addition, once a Conficker infection is remediated there is no further spread of the worm. However, Gumblar can use the FTP credentials it steals to compromise even more Web sites, potentially exposing many more victims, the company said.

To find out if a computer is infected:

1) Locate sqlsodbc.chm in the Windows system folder (by default under Windows XP, the location is C:\Windows\System32\);
2) Obtain the SHA1 of the installed sqlsodbc.chm. File Alyzer is a free tool that can be used to obtain the SHA1 of a file;
3) Compare the obtained SHA1 to the list located on the ScanSafe STAT Blog;
4) If the SHA1 and corresponding file size do not match with a pair on the reference list, it could be an indication of a Gumblar infection.
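The four steps above can be scripted; this added example, which is not part of the original article, computes the SHA1 and size of a file and checks the pair against a reference list. The reference entry in the code is a constructed placeholder, because the real pairs come from the ScanSafe list named in step 3 and are not reproduced on this page; the function names and the "sha1 size" list format are assumptions.

```python
import hashlib
import os

# Default location given in step 1 (Windows XP).
DEFAULT_PATH = r"C:\Windows\System32\sqlsodbc.chm"
# Placeholder reference list in an assumed "sha1 size" format. Replace it
# with the published pairs; this entry is not a real known-good value.
REFERENCE_TEXT = "0" * 40 + " 0  # placeholder entry\n"


def sha1_and_size(path, chunk_size=65536):
    """Return (sha1_hex, size_in_bytes) for the file, read in chunks."""
    digest = hashlib.sha1()
    size = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return digest.hexdigest(), size


def load_reference(text):
    """Parse 'sha1 size' lines into a set of (sha1, size) pairs."""
    pairs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        sha1, size = line.split()
        pairs.add((sha1.lower(), int(size)))
    return pairs


def check_file(path, reference):
    """Return 'missing', 'match' or 'mismatch' for the file at path."""
    if not os.path.isfile(path):
        return "missing"
    # Step 4: the hash and the size must match the same reference pair.
    return "match" if sha1_and_size(path) in reference else "mismatch"


if __name__ == "__main__":
    print(check_file(DEFAULT_PATH, load_reference(REFERENCE_TEXT)))
```

A result of "mismatch" corresponds to step 4 and is only an indication that warrants a closer look, as the article says.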

The most effective way to remedy an infection is to do a full reformat and reinstallation, according to ScanSafe. Passwords or login details that were stored or used on infected machines should also be changed.

Source: www.cbsnews.com