How Serious is the Downadup.b/Conficker Worm?

In their latest post, F-Secure has updated its count of how many people are infected, and I'll quote:

Today’s calculation is a total of 8,976,038 infections worldwide and 353,495 unique IP addresses.

That’s quite a big difference compared to our last number — there will be a follow up post coming soon to explain the methodology.

[Via F-secure]

F-Secure has noticed it went up from 3,521,230 infections worldwide. This worm has doubled in over a day. So I did some Twitter searching to see if anyone had recently tweeted about this, and I found this comment:

WTF? suddenly my antivirus is popping with warnings about a W32.Downadup.B … but I haven't received any attachs or installed anything!

[Via Twitter Mklopez]

I thought I'd show you how important it is to get ready for a very hard fight ahead. You see, this worm hasn't even begun.

Here are some of the tweets:

2 customers, have this conflicker.worm problem and we are trying every possible solution but nothing turned out to be solved

[Via Twitter  Candegger]

@carnal0wnage Hey happy new year, what malware one of my clients just had a large outbreak of the conflicker virus, pretty good virus

[Via twitter MarcoFigueroa]

This worm doesn't need to be downloaded, because it uses exploits against holes that are currently unpatched on the system. It also seems to be spreading by USB sticks, and you should really turn that off. If you think you've gotten this virus, please check out my Malware Resources and also some of my other posts about this worm:

I hope these resources help you fight the worm and get your system back to normal.

Check out my other posts about the Conficker/Downadup worm.

Do you want a Windows 7 Beta key?

Update: see bottom.

I recently got 3 beta keys for Windows 7 Beta, and I decided we are going to have some fun. If you want one of the 2 beta keys, here is how you do it. I want you to tweet it on Twitter. I would like you to make a TinyURL using your Twitter account name so I know who sent the most people my way. Here's how you do it:

Go to Tinyurl.com, put this page in, and tell it you want the link made with your Twitter name without the @ sign (it would look like this: http://tinyurl.com/twitterusername). The 2 top referrers whose visitors come to my site this weekend and leave a comment will get a reply from my Twitter account saying they won and asking for their email address. I want as many people to see this as possible. If you want a beta key for Windows 7, then get people to come to my site and find out how they could win one themselves. I only have two extra beta keys. I used one to activate this Windows beta, but I will give the other two away to whoever brings the most people to my site.

This ends at 10pm EST Sunday night, Jan 11, 2009, so you have that long to get people to come to my site using the TinyURL Custom Alias option to send people to my site or to this page. I'll say this one last time: the top 2 people using the TinyURL to bring people to my site will get the site. On a side note, the other requirement is to have people leave a comment saying who referred them to the site. I want to make sure people don't just create a URL and come that way too many times. So let's talk about the rules:

  1. Use a custom URL to bring people to my site.
  2. Leave a comment with the Twitter name of whoever brought them to my site.

I'll add it up Sunday night, 10:00 PM EST, January 18, 2009, and will announce the winners on Twitter. So go at it, people, and send people my way.

According to a blog, the same keys seem to be getting sent out all over the place. I am going to guess that after 2.5 due an over the net activation that these will become invalid. So activate as quickly as you can. I've also gotten the same keys from Microsoft, exactly the same keys this blog is posting, so I guess the contest for the 2 keys is now null and void. Sorry guys, I didn't know; I thought they were unique keys. If you need a key, go to that website and get your key!

Setting up Email Filters for Twitter Phish — Getting Phishing out of the way

OK, so we've all had the problem of having to deal with this Twitter phish, and you can see there is more and more Twitter spam.

So how do you start filtering out the bad Twitter spam?

I'm using Mozilla Thunderbird, so this will not be a complete guide for people who use other email software.

Select Tools and then Message Filters

Once you find your way to this menu, click New and then do this:

To get here in Thunderbird, choose Tools from the menu bar and select Message Filters.

First, name your Twitter filter. I named it “Twitter Spam”, but you may name it whatever you would like. I then selected “Match all of the following”; if you don't do this, it will send all direct messages to your spam folder, and you'd get no direct message from anyone about anything. I told the filter to match if the message was from “*@postmaster.twitter.com”. Once you've done that, click the plus sign to add another row. There I selected “Subject”, which filters on whatever is in the subject body of the message, and filtered for “http://*.access-logins.com”. Then I chose to move the message to the Spam folder. You can move it to your own Twitter spam folder instead; it is just nice to move it away from the important stuff. If you like, you can also mark it as read by clicking the plus sign and selecting “Mark as read”, so that you don't have to worry about reading each and every one. For people who are wondering, the asterisk is a wildcard, which means it does not matter what is in that position. That is important to prevent getting spam from people you know or from sites you know are phishing.

Some people might like to do this for Google Mail, and I see no problem in filtering before you even get the email. If you're not using Google Mail and would like to do this for your email hosting account, by all means follow these steps and you shouldn't get many phishing direct messages. I will say that if they use another free hosting account, you'll get it for a time, but it won't be constant. I hope this helps people get this out of their way. Soon this will be in the past.

If you suspect you will get more blogspot.com links, you can also set up a separate filter for “http://*.blogspot.com”. Just follow the same instructions, but use that instead of the other internet address. I'd also tell people not to direct message you about a site; if it is important to look at, they should reply to you but not direct message you.
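The two filter rules described above, written out as an added Python example (not part of the original post and not Thunderbird's own code). It goes slightly beyond the post by checking the message body as well as the subject and by matching on each link's hostname; the sample messages are constructed, and the `dm@` and `example.*` addresses are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Patterns from the post; the host globs are the host part of its
# "http://*.access-logins.com" and "http://*.blogspot.com" patterns.
SENDER_GLOB = "*@postmaster.twitter.com"
HOST_GLOBS = ("*.access-logins.com", "*.blogspot.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_hosts(text):
    """Yield the lower-cased hostname of every http(s) URL found in text."""
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. an unbalanced bracket
            continue
        if host:
            yield host

def is_twitter_phish(raw_message):
    """Both conditions must hold, as with "Match all of the following"."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not fnmatchcase(sender, SENDER_GLOB):
        return False  # not a Twitter notification: leave it in the inbox
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # single-part mail only
    text = msg.get("Subject", "") + "\n" + body
    return any(fnmatchcase(h, g) for h in link_hosts(text) for g in HOST_GLOBS)

def sort_mail(messages):
    """Return the destination folder for each raw message."""
    return ["Twitter Spam" if is_twitter_phish(m) else "Inbox" for m in messages]

def mk(sender, subject, body):
    return f"From: {sender}\nSubject: {subject}\n\n{body}\n"

TWITTER = "Twitter <dm@postmaster.twitter.com>"  # constructed sender address
SAMPLES = [  # constructed messages; the two phishing hosts are from the post
    mk(TWITTER, "Direct message", "look http://twittyblog.access-logins.com/login"),
    mk(TWITTER, "Direct message", "see you at lunch"),
    mk("friend@example.org", "hi", "my blog: http://rosalierebyb.blogspot.com/"),
    mk(TWITTER, "http://rosalierebyb.blogspot.com", "no link in the body"),
    mk(TWITTER, "Direct message", "http://example.com/?r=.access-logins.com"),
]

if __name__ == "__main__":
    print(sort_mail(SAMPLES))
```

The last sample stays in the inbox because only the hostname is compared, so a phishing domain name appearing elsewhere in a link does not trigger the rule.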

Old phish becomes new again

According to some reports, this phishing has started up again with a slightly changed web address, and when you go to the site it looks like:

Twitter Phish spam

If you sign in to this website with your Twitter account information, it sends out direct messages containing these links: rosalierebyb.blogspot.com, which redirects to http://twittyblog.access-logins.com/login. The only way you can fix this is to CHANGE YOUR PASSWORD.

I'd also suggest getting a password manager, so that if you use just one password for all accounts you will easily be able to change them and make the passwords much harder to hack. You do not want your passwords stolen, do you? I suggest RoboForm; it works really well for password management.