New Nasty Windows Worm (Downadup, Conficker or Kido)

[silverEyed]

---

thanks for this info.

[joco_ph]

update lang: No joke in April Fool's Day computer worm - CNN.com

[tapsikret]

from our newsletter dated March 23, 2009

WORM_Downad.KK –Activates on April Fool’s Day


Dear customers,



Trend Micro would like to caution about a possible widespread infection on April Fool’s day. Please read the details and recommended actions below for your information.

Details

Worm_downad had infected more than 15 million computers, making it one of the widespread infections in recent times.



A new variant of worm_downad (aka Conficker) is expected to be launched on April Fool’s day.

Trend Micro detects this new variant as worm_downad.kk. More information can be found at WORM_DOWNAD.KK - Technical details. Trend Micro detects this malware starting with pattern file 5.885.00.



Compared to the old variants, worm_downad.kk is more sophisticated. Here are a few of the payloads :

* Connects to various time servers to determine the current date and time.
* Register itself as a system service to ensure auto execution every startup.
* Deletes a registry key to prevent system startup in safe mode.
* Terminates security-related processes (i.e. procexp, regmon, autoruns, gmer etc.)
* Blocks access to security and antivirus websites.
* Generates 50,000 malicious URLs and attempts to connect to around 500 random generated URLs at a time.

__________________________________________________ _______________________________

Recommended Action

* Enable Web Threat Protection
* Make sure that you have the latest virus definitions (at least pattern file 5.885 .00 )
* Run a FULL system scan to ensure that malware does not exist on your PC

Recommended Actions from External Sources

* How to protect against internet threats when you surf online?
* How to protect against threats when accessing Webmail?



Best regards,

Trend Micro APAC team


for more info about this infection visit http://www.trendmicro.com/vinfo/viru...NAD.KK&VSect=T

[jahjay]

wa pa sad ko kadakop ani da.. pero kabasa ko news letter pre, murag bantay2x ta ani.. kung kadawat mo ani, pangitaa ninyo tapsikret, cya sison remove ani.. db pre?

[cliff_drew]

from our newsletter dated March 23, 2009

WORM_Downad.KK –Activates on April Fool’s Day


Dear customers,



Trend Micro would like to caution about a possible widespread infection on April Fool’s day. Please read the details and recommended actions below for your information.

Details

Worm_downad had infected more than 15 million computers, making it one of the widespread infections in recent times.



A new variant of worm_downad (aka Conficker) is expected to be launched on April Fool’s day.

Trend Micro detects this new variant as worm_downad.kk. More information can be found at WORM_DOWNAD.KK - Technical details. Trend Micro detects this malware starting with pattern file 5.885.00.



Compared to the old variants, worm_downad.kk is more sophisticated. Here are a few of the payloads :

* Connects to various time servers to determine the current date and time.
* Register itself as a system service to ensure auto execution every startup.
* Deletes a registry key to prevent system startup in safe mode.
* Terminates security-related processes (i.e. procexp, regmon, autoruns, gmer etc.)
* Blocks access to security and antivirus websites.
* Generates 50,000 malicious URLs and attempts to connect to around 500 random generated URLs at a time.

__________________________________________________ _______________________________

Recommended Action

* Enable Web Threat Protection
* Make sure that you have the latest virus definitions (at least pattern file 5.885 .00 )
* Run a FULL system scan to ensure that malware does not exist on your PC

Recommended Actions from External Sources

* How to protect against internet threats when you surf online?
* How to protect against threats when accessing Webmail?



Best regards,

Trend Micro APAC team


for more info about this infection visit WORM_DOWNAD.KK - Technical details

Conficker will not likely to activate on April 1st. It could be but we are not sure, so better clean those infected computers prior this date.


Here's a Q & A webblog from a security vendor's website, F-Secure.
Questions and Answers: Conficker and April 1st

[cliff_drew]

update lang: No joke in April Fool's Day computer worm - CNN.com

bro, here's a comment to this.


"The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates." - from Graham Cluley’s blog

[SentoKaishi]

pde mangutana mo block ni og site ang conficker nga worm example mo sulod ka sa microsoft.com page load error mao bani symptoms nga naay confiker imo comp ngutana lang....

[cliff_drew]

pde mangutana mo block ni og site ang conficker nga worm

Definitely, yes. Primarily, security-related domains are the one that will be blocked.

example mo sulod ka sa microsoft.com page load error mao bani symptoms nga naay confiker imo comp ngutana lang....

Not necessary. You can refer 1st page of this thread for the symptoms if your PC has been infected by Conficker.

[waterboy0911]

bay hantod karon bay.. nag lisod mi sa amo office pag unsa pag tang tang.. even amo na g update ang vulnerability security.. sa g post.. daghan nasad mi g suwayan pag tang tang.. still there.. mo sud gyud sya balik sa registry...grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr.. . bay need help.. kinsa man ang naka tang tagn gyud.. pls....

[joco_ph]

bro, here's a comment to this.


"The truth is that Conficker is not set to activate a specific payload on April 1st. Rather, on April 1st Conficker will begin to attempt to contact the 50,000-a-day potential call-home web servers from which it may receive updates." - from Graham Cluley’s blog

thanks for the update