Comments on: Downad/Conficker, who’s the April Fool? http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/ Rik Ferguson blogs about current security issues. Thu, 11 Mar 2010 04:04:47 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: bodo unger http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-4063 bodo unger Fri, 08 Jan 2010 02:17:37 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-4063 The writer of the conficker virus is Mario Fiege a German in the Philippines. he is working with glavmed.com.stimul-cash.com , rx-promotion.com , spamit.com. He is pretending to be a russian in the internet while hacking domains,,hijacking forums and sending millions of email spam out of malware ghettos like asian. He is using proxyway.com The writer of the conficker virus is Mario Fiege a German in the Philippines. he is working with glavmed.com.stimul-cash.com , rx-promotion.com , spamit.com. He is pretending to be a russian in the internet while hacking domains,,hijacking forums and sending millions of email spam out of malware ghettos like asian.
He is using proxyway.com

]]> By: 2010 – Year Of The Zombie Cloud? | Business Computing World http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-4020 2010 – Year Of The Zombie Cloud? | Business Computing World Wed, 16 Dec 2009 09:41:48 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-4020 [...] the first half of the year, the Conficker worm (also known as Downadup or Kido) stole all the headlines in the malware world. Eventually the [...] [...] the first half of the year, the Conficker worm (also known as Downadup or Kido) stole all the headlines in the malware world. Eventually the [...]

]]> By: ReleaseTest » Conficker with 10M victims, April 1 update soon http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-3863 ReleaseTest » Conficker with 10M victims, April 1 update soon Mon, 12 Oct 2009 04:00:02 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-3863 [...] “The Conficker worm is going to change its operation a bit, but that’s unlikely to cause anything visible on 1 April,” F-Secure said. The company also noted that only the latest version of the malware, known as ‘Conficker C’, which constitutes a small percentage of total infections, would be carrying out any instructions on 1 April. “The truth is that Conficker is not set to activate a specific payload on 1 April. Rather, Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.”  Malware creation has evolved into a lucrative business since Melissa, and most experts believe that Conficker’s update will be the first step in a spam run or other money-making activity, rather than an old-fashioned attempt at internet mayhem. “The people behind this piece of code are very skilled, very well informed and resourced. They have invested much time and effort in the creation of this botnet, and will be aiming to see some return on that investment,” wrote Trend Micro senior security advisor Rik Ferguson in a blog post. [...] [...] “The Conficker worm is going to change its operation a bit, but that’s unlikely to cause anything visible on 1 April,” F-Secure said. The company also noted that only the latest version of the malware, known as ‘Conficker C’, which constitutes a small percentage of total infections, would be carrying out any instructions on 1 April. “The truth is that Conficker is not set to activate a specific payload on 1 April. Rather, Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates.”  Malware creation has evolved into a lucrative business since Melissa, and most experts believe that Conficker’s update will be the first step in a spam run or other money-making activity, rather than an old-fashioned attempt at internet mayhem. “The people behind this piece of code are very skilled, very well informed and resourced. They have invested much time and effort in the creation of this botnet, and will be aiming to see some return on that investment,” wrote Trend Micro senior security advisor Rik Ferguson in a blog post. [...]

]]> By: 60 Minutes Conficker and Malware Report | Software News Daily http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-3730 60 Minutes Conficker and Malware Report | Software News Daily Wed, 16 Sep 2009 17:49:54 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-3730 [...] up harmful links that will in fact deliver the worm to the very people looking to remove it. In its detailed report of the different instances of Conficker, Trend Micro states that internet based virus scans will [...] [...] up harmful links that will in fact deliver the worm to the very people looking to remove it. In its detailed report of the different instances of Conficker, Trend Micro states that internet based virus scans will [...]

]]> By: Twitter Trackbacks for Downad/Conficker, who’s the April Fool? » CounterMeasures [trendmicro.eu] on Topsy.com http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-3593 Twitter Trackbacks for Downad/Conficker, who’s the April Fool? » CounterMeasures [trendmicro.eu] on Topsy.com Mon, 24 Aug 2009 07:30:10 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-3593 [...] Downad/Conficker, who’s the April Fool? » CounterMeasures countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool – view page – cached A Trend Micro Blog. Rik Ferguson and others blog about security related issues — From the page [...] [...] Downad/Conficker, who’s the April Fool? » CounterMeasures countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool – view page – cached A Trend Micro Blog. Rik Ferguson and others blog about security related issues — From the page [...]

]]> By: joey http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-121 joey Wed, 01 Apr 2009 14:45:54 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-121 okay I also will Say this The Person who made is Is almost 85% sure using a IRC infection meted.. that sends cmds to a irc server.. by the maker ... IF its a private IRC then noone can find the orignal maker. of it.. No Matter what.. about the Data sending i don't think there will be.. maybe Just websites and a few others things to send the virus out to more people but thats about it.. And also it can be someone also on there pc like me .. typing away there life.. on a computer.. and Using there internet to connect to the victoms but most worms use IRC .... Newer ones.. so Yeah... thanks for reading joey okay I also will Say this The Person who made is Is almost 85% sure using a IRC infection meted.. that sends cmds to a irc server.. by the maker … IF its a private IRC then noone can find the orignal maker. of it.. No Matter what.. about the Data sending i don’t think there will be.. maybe Just websites and a few others things to send the virus out to more people but thats about it..

And also it can be someone also on there pc like me .. typing away there life.. on a computer.. and Using there internet to connect to the victoms but most worms use IRC …. Newer ones.. so Yeah…

thanks for reading

joey

]]> By: Rik Ferguson http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-99 Rik Ferguson Tue, 31 Mar 2009 12:34:35 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-99 Hi Robert, Yes, this is absolutely a recurring problem. If you have a machine that is infected, then in most cases it will not be possible to use that particular machine to download repair tools from most domains associated with security. The best course of action is to use a machine that is not infected to make the download, then use some kind of removable media to get the fix tools to the infected machine. Make sure that removable media is write-protected before you put it into the infected machine. Hi Robert,

Yes, this is absolutely a recurring problem. If you have a machine that is infected, then in most cases it will not be possible to use that particular machine to download repair tools from most domains associated with security. The best course of action is to use a machine that is not infected to make the download, then use some kind of removable media to get the fix tools to the infected machine. Make sure that removable media is write-protected before you put it into the infected machine.

]]> By: Robert Burntwing http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-97 Robert Burntwing Tue, 31 Mar 2009 11:53:31 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-97 If the virus is blocking AV sites, how would one download the sysclean tool from trend micro? If the virus is blocking AV sites, how would one download the sysclean tool from trend micro?

]]> By: Latest Antivirus Updates » What Will Go DOWNAD on April 1? http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-88 Latest Antivirus Updates » What Will Go DOWNAD on April 1? Mon, 30 Mar 2009 11:59:51 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-88 [...] Downad/Conficker, who’s the April Fool? [...] [...] Downad/Conficker, who’s the April Fool? [...]

]]> By: What Will Go DOWNAD on April 1? http://countermeasures.trendmicro.eu/downadconficker-whos-the-april-fool/comment-page-1/#comment-86 What Will Go DOWNAD on April 1? Mon, 30 Mar 2009 10:21:57 +0000 http://countermeasures.trendmicro.eu/?p=311#comment-86 [...] Downad/Conficker, who’s the April Fool? [...] [...] Downad/Conficker, who’s the April Fool? [...]

]]>