Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42869
  • Total Topics: 16078
  • Online Today: 3698
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: georgecloner
« on: 12. April 2009., 04:57:56 »

CONFICKER TEST.

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

The tool pulls images from three sites that Conficker is known to block and displays them in a box. Below the box is a guide to interpreting how you see the images - if they all show up you're in good shape, but if one or more doesn't display it could indicate a Conficker (or other malware) infection.

It's a smart and near-instantaneous test that couldn't be any easier, but keep in mind that if your computer uses a proxy server for web traffic, which can be the case in some companies, you might be infected and still be able to see the images.


 :thumbsup:
Posted by: Samker
« on: 11. April 2009., 14:50:31 »



We knew it would try to make a buck somehow, but until now Conficker hasn't done much beyond spread and update. That changed yesterday, when the worm began installing a rogue antivirus app called SpywareProtect2009 on infected machines.

A Kaspersky researcher reports that the worm began using its peer-to-peer functionality yesterday to pull down new files, including updates and the fake security program. The fake app goes with the usual scareware tactics of identifying threats on the computer (ironically true in this case) and offering to clean the PC for $49.95.

The scareware tactic makes big money for online scammers, and I've talked to some experts who guessed Conficker might take this step. In addition to the scareware download, Conficker is also pulling down an update for a .E variant that will once again allow the worm to spread using a Microsoft vulnerability (MS08-067), and will also attempt to stop more existing programs and block attempts to reach additional domains (see the full list of messed-with processes and domains from Sophos).

The new update also adds an interesting new self-destruct mechanism to automatically delete itself after May 3, 2009. A Microsoft Malware Protection Center blog post has a good list of the new .E variant changes, and the Today @ PC World blog lists some new clues that might point to its creators.

If you see a scareware pop-up or other indicator on your PC, it's important to know whether it's from a relatively harmless visit to a Web site, or whether it 's from an existing malware infection like Conficker.

For a quick and easy way to tell if you're infected with Conficker, use the Conficker Working Group's Eye Chart: http://scforum.info/index.php/topic,2577.0.html

(PCW)
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising