April Fools! New Computer Virus Timed to Do Its Damage on April 1
Posted: Friday, March 27, 2009
by Danny Davids
Traditionally April 1, or April Fool's Day, is the day people resort to pulling pranks on family and friends. Well, some computer programmer with too much sugar in his (or her) system and too much free time on his (or her) hands has decided to prank computer owners on the same day. A new computer worm is designed to check your computer's clock regularly, and on April 1 it attacks, modifying your operating system software, preventing computer access to certain processing functions and files, and locking out options that would allow you to remove it. What's worse, it may already be on your computer.
(For those of you wondering, check out these Wikipedia entries on the differences between a computer virus and a computer worm.)
The worm is known as Conficker.C and Conficker.B++. Discovered in early January 2009, the program usually is transferred to a computer via the Internet or by sharing files from a computer that's already infected. On April Fool's Day, the program will launch itself, burying copies of itself in up to five Windows-related system folders (all under different names), creating access control entries in your computers to lock files, and registering "dummy services" in your computer that slow your system down. It also makes changes to your computer's operating system that turn off security notifications and processes, prevent restarting the computer in Safe Mode, delete system restore points, disable error-reporting and security services -- in effect, making sure you can't remove the worm from your system.
The major companies that offer antiviral software, like Microsoft, Symantec, and McAfee, have already updated their virus signature files to include ConFicker.C. However, once the worm activates, it blocks access to these antivirus Web sites, which means you can't download or install any removal tools.
What can you do to prevent yourself from being clobbered by Conficker.C? If you haven't already done so, contact your Internet Service Provider (ISP) to make sure you have their latest version of antivirus software loaded on your computer. If your ISP doesn't include one, you can go to Microsoft's Web site and download and install their antivirus product, Windows Defender. If you're already running a program, run the process that updates the program with the latest virus definitions. Then manually run a full scan of your computer. Check the report the software generates and make sure that any viruses/Trojans/worms listed show up as having been either deleted, removed, or quarantined. Finally, reboot your computer immediately after completing the scan. It wouldn't hurt to also look at programs that can remove spyware, malware, adware, and hostageware from your computer. Two good programs I've used with success are SuperAntiSpyware and Malwarebytes' AntiMalware; they're effective and have versions that are free, which is always a plus.
I look forward to the day when clowns like virus-writers get hit, and hit hard, for pulling pranks like this. Until then, you can find the tools you need to protect yourself from somebody's idea of a computer drive-by. It's always better to prevent an attack than it is to fix it.
The worm is known as Conficker.C and Conficker.B++. Discovered in early January 2009, the program usually is transferred to a computer via the Internet or by sharing files from a computer that's already infected. On April Fool's Day, the program will launch itself, burying copies of itself in up to five Windows-related system folders (all under different names), creating access control entries in your computers to lock files, and registering "dummy services" in your computer that slow your system down. It also makes changes to your computer's operating system that turn off security notifications and processes, prevent restarting the computer in Safe Mode, delete system restore points, disable error-reporting and security services -- in effect, making sure you can't remove the worm from your system.
The major companies that offer antiviral software, like Microsoft, Symantec, and McAfee, have already updated their virus signature files to include ConFicker.C. However, once the worm activates, it blocks access to these antivirus Web sites, which means you can't download or install any removal tools.
What can you do to prevent yourself from being clobbered by Conficker.C? If you haven't already done so, contact your Internet Service Provider (ISP) to make sure you have their latest version of antivirus software loaded on your computer. If your ISP doesn't include one, you can go to Microsoft's Web site and download and install their antivirus product, Windows Defender. If you're already running a program, run the process that updates the program with the latest virus definitions. Then manually run a full scan of your computer. Check the report the software generates and make sure that any viruses/Trojans/worms listed show up as having been either deleted, removed, or quarantined. Finally, reboot your computer immediately after completing the scan. It wouldn't hurt to also look at programs that can remove spyware, malware, adware, and hostageware from your computer. Two good programs I've used with success are SuperAntiSpyware and Malwarebytes' AntiMalware; they're effective and have versions that are free, which is always a plus.
I look forward to the day when clowns like virus-writers get hit, and hit hard, for pulling pranks like this. Until then, you can find the tools you need to protect yourself from somebody's idea of a computer drive-by. It's always better to prevent an attack than it is to fix it.
This Article has been viewed 2,627 times. (Not updated in real-time.)
Top-level comments on this article: (1 total)Hi Danny.Thanks for the heads up and the advice.Dianne
We want your comments! If you can read this, you don't have javascript enabled, so you can't use this comment system. Please enable javascript.