Conficker?

So, what ever happened with this? The week prior to April 1, all you saw in the press every day was “OMG Conficker is coming, hides da wimmin and chilrins”. Then, April 1 comes along, and poof, suddenly no press about it at all, no “we beat it”, no “OMG its still out there”, nothing.

Those of you in network security, any updates?

This is the press release I put out Mar 31st about Conficker. Needless to say, no one in the media went with it, because it didn’t jibe with the hysteria they were stirring up with the help of all those dumbfucks at crappy AV companies.

If you really want to be scared of something, be scared of Virut/Virux. That is some hardcore nasty crap right there, and unlike Conficker, I’ve actually seen it in the field.

Oh my goddess, yes, Virut BAAAAD! If you’ve seen any form of Virut (Virut.A and on), the system is dead. Deceased. Shed off its Tesla coil. Fucking snuffed it.

Conficker does its updates on the first day of every month anyway, doesn’t it? Each update just doesn’t include the previous activation dates since they have already passed…

With the C variant’s domain generation, the author might not be able to immediately push out a new payload, but can just relax and know that the odds are it’ll eventually hit upon his distribution site within a certain period of time. (Edit: Here’s a statistical analysis of the random domain part, from MS’s malware team.)

Now does seem like the time you’d expect him to strike though, with a large install base out there now and growing awareness of it starting to erode it as people clean it up.
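The "odds are it'll eventually hit" reasoning above can be put into numbers. The following is an added illustration, not code from the thread or from any analysis it links to: it models the domain-generation rendezvous as a hypergeometric draw. Of the `total` candidate domains a bot could compute for a day, the operator has registered `registered` of them and each bot queries `queried` of them; the chance that a given bot's sample contains at least one registered name gives the per-day contact probability, and from that the chance of contact within a window of days. The sample parameter values are constructed for the example and are not taken from the thread. From a defender's side the same arithmetic explains why sinkholing or blocking only a handful of the generated names barely changes the outcome: the per-day probability depends on how many names the operator holds, not on how many the defender has caught.

```python
import math


def contact_probability(total: int, registered: int, queried: int) -> float:
    """Probability that one bot, querying `queried` distinct names out of
    `total` candidates, hits at least one of the `registered` live names.

    Uses the hypergeometric complement: P(hit) = 1 - C(total-registered, queried) / C(total, queried).
    """
    if registered <= 0 or queried <= 0:
        return 0.0
    if registered + queried > total:
        # Pigeonhole: every sample of this size must contain a registered name.
        return 1.0
    misses = math.comb(total - registered, queried)
    samples = math.comb(total, queried)
    return 1.0 - misses / samples


def prob_contact_within(per_day: float, days: int) -> float:
    """Probability that contact happens at least once in `days` independent daily attempts."""
    return 1.0 - (1.0 - per_day) ** days


def expected_days_to_contact(per_day: float) -> float:
    """Mean number of daily attempts until the first contact (geometric distribution)."""
    return math.inf if per_day <= 0 else 1.0 / per_day


def rendezvous_report(total: int, registered: int, queried: int, window_days: int) -> dict:
    """Summarise how quickly a population of bots converges on the operator's names.

    Returned numbers are per-bot; across a large installed base the fraction of bots
    that have made contact by day N is approximately `within_window` for N = window_days.
    """
    p = contact_probability(total, registered, queried)
    return {
        "per_day": p,
        "expected_days": expected_days_to_contact(p),
        "within_window": prob_contact_within(p, window_days),
    }


if __name__ == "__main__":
    # Constructed scenario (assumed values, not figures from the thread):
    # 50,000 candidate names per day, operator holds 1 of them, each bot tries 500.
    rep = rendezvous_report(total=50_000, registered=1, queried=500, window_days=30)
    print(f"per-day contact probability: {rep['per_day']:.4f}")
    print(f"expected days to contact:    {rep['expected_days']:.1f}")
    print(f"P(contact within 30 days):   {rep['within_window']:.3f}")
```

With those assumed parameters each bot has roughly a 1% chance per day of reaching the single registered name, so the operator needs patience rather than reliability, and a defender who blocks a few hundred of the 50,000 daily names leaves that 1% essentially untouched; only taking the registered names themselves out of circulation (or pre-registering the whole daily set) moves the number.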

Woah, viruses can actually kill a computer? Like the hardware itself?

Well, maybe not that bad. But any partition infected with Virut must be wiped. You might be able to rescue some documents.

I had one Virut infection so bad that it trashed almost every EXE on a system, including ones on the HP restore partition. So I couldn’t restore it at all in the infected state.

It was only by sheer luck that I happened to have a similar make/model HP in the shop at that time, and I was able to copy files off of that one to replace the infected files, so I could at least restore it.

You can always scrub the data with a few different file scanners, and Virut tends to only infect EXEs, HTMs, and a few other file types, so you can be safe putting data back, but it’s a complete pain in the ass.

A payload has been delivered and is being spread, though they’re not sure what it does yet.

Edit: F-Secure’s analysis of it so far.