But remember Y2K? that was taken very seriously by very many. Only a few
were chosen. Safe computing, usual updating (Perhaps with a little extra
check thrown in here and there); but no unnecessary panic-mongering or
forwarding of emails to 'everyone you know'. If everyone had to know about
it, then we should have got this about two weeks ago!
----- Original Message -----
From: "Dorene Cornwell" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, April 01, 2009 1:56 AM
Subject: Re: [VICUG-L] info on confiker, from Kim Komando, get this around,
folks!
One of my screens for virus warnings is the status of outlets and lists
that news comes from. By the time something is in Computerworld, the
Washington Post, and whatever other source was mentioned, it has
usually been checked out pretty thoroughly. In this case, I would
follow as many of Kim Kommando's recommendations about increasing your
security as you can.
Hoax busters is often a good idea, but this time, I am inclined to take
things pretty seriously.
DoreneC
Seattle WA
-----Original Message-----
>From: Christopher Chaltain <[log in to unmask]>
To: [log in to unmask]
Sent: Tue, 31 Mar 2009 4:31 pm
Subject: Re: [VICUG-L] info on confiker, from Kim Komando, get this
around, folks!
I advocate the advice found on
http://www.hoax-slayer.com/virus-warning-forwards.shtml, which says in
part:
While the willingness to let others know about a potential computer
security threat is commendable, forwarding a "virus warning" email may
not be the best way to approach the issue.
I think this advice is especially pertinent in this case since no one
knows what will happen on April 1st and since the best defense or
remedy
is just to practice normal safe computing habits. In particular:
* Make sure your OS and any applications that get on the network or
support scripts or macros are at the latest level, for example,
browsers, media players, office suites, ....
* Run your favorite antivirus software at the latest level
and with the
latest signature file.
* Practice good common sense, e.g. don't download or run any programs
from anything than a reputable source and try to run them through an
antivirus tool first.
* Don't forward virus warnings. The network traffic of the emails may
be
a greater threat than the virus itself, plus I've seen more than one
case where misinformation in a virus hoax has actually had people
corrupt their own systems.
Harry Brown wrote:
>
> Hi all,
> Here's today's tip of the day from Kim Komando, and it's a duzy!
> This is no joke, forward this to everybody you know. If it's from Kim
> Komando, it's truth!
> Harry
>
> Conficker prepares to rule the world!
>
> 3/31/2009
>
> Q. My friend was telling me about Conflictor. That's a computer thing
> that is going to take over the world. Or, maybe not. I assume this is
> an April Fool's
>
> joke. Right?
>
> —Mamie in Miami, listening on WIOD 610 AM
>
> A. No, Mamie, Conficker (not Conflictor) is the real thing, I'm
> afraid. No one knows what it's going to do. But it probably won't be
> good. (Conficker is
>
> also known as Downadup and Kido.)
>
> April 1, compromised machines will contact hundreds of computers on
> the Web. They will get their marching orders, whatever they may be.
>
> Maybe they will start sending spam. Or, they could be roped into
> massive armies to attack other computers. Those are ca
lled
distributed
> denial of service
>
> attacks. They're used to blackmail sites that need to be online.
>
> Or, Conficker might steal confidential information from its host
> machine. That could be in addition to other bad deeds.
>
> Conficker has reportedly compromised millions of Windows machines.
> Symantec says 3 million. The Washington Post said 12 million, without
> attribution.
>
> Cisco says 10 million in 150 countries. It puts China at 3 million;
> Brazil, 1 million; and Russia, 800,000. The United States has an
> estimated 200,000 compromised
>
> computers.
>
> Counterfeit Windows installations are common in China, Brazil, Russia
> and elsewhere. Microsoft won't update counterfeit installations. So
> those machines
>
> are wide open. (Somehow, I don't think Microsoft is helping its
> customers with this policy.)
>
> Business networks apparently also are vulnerable. They usually have
> good security against the outside world. But they may lack security
on
> individual machines.
>
> So if malware gets past the gates, it can run wild internally. That's
> especially true if the machines use weak passwords. Conficker can
> launch dictionary
>
> attacks.
>
> Conficker takes advantage of a flaw Microsoft patched in October.
Lots
> of people don't patch their machines—even when they're legitimate.
> When Conficker
>
> gets in, it patches the flaw itself. That keeps other criminals out.
> (Thank
s, Conficker!)
>
> The result: System administrators cannot scan for unpatched machines.
> At least, that's the idea. Researchers recently found a flaw in the
> Conficker patch.
>
> That will help identify compromised machines on networks. Scanning
> software companies are working hard to capitalize on that.
>
> Conficker also blocks anti-malware sites. So, if you have outdated
> protection, you supposedly can't update it.
>
> Conficker is professionally written. That is why it has spread so
> capably. Criminals in Eastern Europe are believed to be behind it.
>
> Of course, it's possible that the April 1 date is a red herring. Even
> if Conficker installations are updated on April 1, they won't
> necessarily do anything.
>
> Remember, these are probably criminals looking to make money. You
> don't make money by shutting down the Web. That's vandalism. Most
> criminals prefer stealth.
>
> So, April 1 may pass uneventfully for civilians. Pros watching
traffic
> online will probably see a lot going on.
>
> There is a slim chance that Conficker is vandalism. In that case,
> maybe just the host machines will be attacked. But "slim" probably
> overrates this idea.
>
> This thing is too well done. Old style viruses were written by barely
> competent people.
>
> So, this all raises the question of protection. Do you have Conficker
> on your machine?
>
> Well, that depends. Do you keep your security programs up t
o date?
> Update Windows regularly? Delete spam immediately? If you answered
yes
> to these questions,
>
> infection is unlikely.
>
> If you're lackadaisical about security, you may be infected. How do
> you tell? Well, there are tools out there to help.
>
> I have several on my site.
>
> So, let's say you find Conficker. What then? Well, get it off your
> machine first. Then run Windows Update. Open Internet Explorer and
> click Tools>>Windows
>
> Update. Download and install critical and important updates.
>
> Once that's done, install and update security software. I've got
> everything you need at my
>
> Security Center.
>
> I would also sign up with OpenDNS. This is a free service that makes
> for faster surfing. (DNS stands for domain name service (or server or
> system). These
>
> servers translate names like
>
> www.komando.com
>
> to Web addresses, like 66.210.246.140.) So, we already use it. I have
> a link to
>
> http://www.opendns.com
>
> But OpenDNS also teamed with Kaspersky (a Russian security company)
> against Conficker. It blocks every Web address Conficker uses online.
> So, if you have
>
> Conficker, it couldn't connect online. I'd install OpenDNS pronto. If
> you already have OpenDNS, you're set.
>
> It gives you safer, speedier Web surfing
>
> To locate Web sites, computers use IP numbers. But numbers like
> 66.102.7.104 are difficult to memorize. That's wh
ere DNS (domain name
> system) comes in.
>
> DNS allows us to use names like www.komando.com instead of numbers.
>
> Behind the scenes, computers still work with IP numbers. Lists of
> matching names and numbers are kept by DNS servers. Enter an address,
> and your browser
>
> requests the matching number from a DNS server.
>
> This lookup process takes valuable time. DNS servers typically keep
> only partial lists. Often, one request is forwarded through several
> servers. Many are
>
> halfway around the globe.
>
> OpenDNS is a free service that aims to speed up this process. OpenDNS
> servers keep more complete lists than other DNS servers. Also, your
> browser's requests
>
> go to the OpenDNS server closest to you.
>
> You don't have to download anything to use OpenDNS. It's available
> through a simple change of Internet connection settings. The OpenDNS
> site includes instructions
>
> for changing these settings in Windows. There are also instructions
> for those who connect through routers.
>
> OpenDNS does more than speed up Web surfing. It can also keep you
> safer. OpenDNS keeps an updated list of phishing sites. If you get
> fooled into visiting
>
> one of these sites, OpenDNS will block it.
>
> OpenDNS can also protect you from Web address misspellings.
Misspelled
> addresses often lead to advertisers who profit from accidental
> visitors. OpenDNS
>
> corrects common misspellings o
n the fly to deliver the sites you want.
>
> Cost: Free!
>
> One other thing: I remember sitting up New Year's Eve, waiting for
the
> Y2K bug. I think I started with Australia. Nothing ever happened. So,
> you might not
>
> want to hold a Conficker party. The whole thing could be
anticlimactic.
>
> Leave list: [log in to unmask]
> <mailto:[log in to unmask]>
>
> VICUG-L is archived on the World Wide Web at http://listserv.i
cors.or
> g/archives/vicug-l.html
<http://listserv.icors.org/archives/vicug-l.html>
>
> Send questions on list operation to
[log in to unmask]
> <mailto:[log in to unmask]>
>
VICUG-L is the Visually Impaired Computer User Group List.
Archived on the World Wide Web at
http://listserv.icors.org/archives/vicug-l.html
Signoff: [log in to unmask]
Subscribe: [log in to unmask]
VICUG-L is the Visually Impaired Computer User Group List.
Archived on the World Wide Web at
http://listserv.icors.org/archives/vicug-l.html
Signoff: [log in to unmask]
Subscribe: [log in to unmask]
VICUG-L is the Visually Impaired Computer User Group List.
Archived on the World Wide Web at
http://listserv.icors.org/archives/vicug-l.html
Signoff: [log in to unmask]
Subscribe: [log in to unmask]
|
