April 1st Virus: Conficker or Conflicker?  on March 30th, 2009

[...] 1st virus - We’ve posted before about the April 1st virus, and it seems that the date is just around the corner. Many people are searching for the name of [...]

Nichole  on March 30th, 2009

This is horrible. I bought a brand new computer 2 months ago, and now this bull arrives. I hope they catch the creator of the virus, I hope he gets jail time for just messing with people like this.

FileSponge  on March 31st, 2009

Another load of sillyness. If people had been trained a little before using a PC, this woudn’t be such an issue.
You don’t give somebody a car who cannot drive yet.

If a PC is so open to attack, it won’t do anything amazingly bad, so a few people lose an odd email or two - if the anti-hackers know their code. How hard can it be ?
Nobody yet has even made it clear what it will do as they don’t have the training to decode it.

1) force your PC to think it’s April 1st - see the effects, and you know what you are working on. If it checks dates over Internet, trick a server into knowing the wrong date too.

2) no PC software is invisible - it’s a routine running on an open system. How hard do the experts find it to see hidden processes ? that makes me laugh.

3) If you have it, then it’s trapped, and that makes it sooo easy to strip down & reverse engineer. It’s like finding a rat in a maze, but the rats actually ‘dead’

To be honest, i blame modern teaching - to me, ripping code apart is like reading a book in a foreign language. You just have to read slower but it’s all there.

Good thing machine language ain’t in specific languages. I’d never be able to decode in japanese

lol

phayze  on March 31st, 2009

I bet it’s because you can’t kill someone with a PC, ya?

There is no ‘decoding’ of code. Assembly code is clearly readable. How do you think they know there’s a hook for April 1st? (PS this hook only exists in the minority version C. Most machines are infected with the B variant, which messes with a lot of system services, and is able to update itself etc.)

There is no way to know what will happen! no way at all..

The infected machines have open sockets which receive instructions, that’s it!

The virus does not check the local date of the machine it is running on. Rather, the man in control may elect to fire whatever instructions at the drones he’d like on April 1st. Ergo, there is no way to know what will happen. It is not a matter of not having the required training, or “knowing your code”

The “Experts” most certainly did obtain a handle to this running process bro.. Again, how do you think they’ve been able to determine all the services it kills, and the fact that it’s using a known windows exploit? It’s not magic!

The assembly has been analyzed, they know what it does… I love your rat analogy lol.. But it’s not unfortunately like that for the “anti-hackers” as you put it. It’s more like observing a maze full of millions of rats being controlled from an unknown location, and trying to figure out 1) where is this unknown location (probably hundreds of proxy hops around the world, hard to find) and 2) Who is this clown..

What the “anti-hackers” do, is monitor ethernet traffic to/from the socket being used by the malware. This gives them a server that the program is talking to. They need to physically contact the server in most cases, determine where the IP lease is obtained, and/or where it was being routed for. Rince and repeat for each proxy server the hacker(s) used, which is probably a dynamic list of proxies(always changing). They won’t catch this guy…..

Someone  on March 31st, 2009

If this was “another load of sillyness” why would they bother putting it on the news?

Yvette  on March 31st, 2009

FileSponge…. If I force my computer into thinking it’s April 1st, then I’ve just defeated the purpose of not getting the virus…. that makes no sense whatsoever.

And having a computer doesn’t kill people like driving a car, so that bad analogy doesn’t work in this instance either.

Why not just reinstall your original software and use a back up of your files (I have back ups done on a regular basis). Then there’s no need to reverse engineer any computer language.

You have time to go chasing a rat in your maze but I’ll just kill mine.

lol

Mark  on April 2nd, 2009

Well , viruses and the like only affect Windows Operating Systems because of how badly they are written. That is not to say it is OK for these groups to create the viruses , but if Microsoft managed to develop a SECURE Operating System like Linux , then there would not be any problems!
I tell this to everyone I know - if you want to play games then buy a console , if you want to surf the web , do office work , graphics , music or video , then use Linux.

Conficker Eyechart  on April 13th, 2009

[...] the Conficker or April 1st Virus? According to some security experts this virus entered many computers and was set out to crash the [...]

Person  on April 22nd, 2009

actually microsoft isnt all that badly written, it just needs Win32.exe files to run most of its stuff, the reason why linux is so “secure” is because it doesnt run Win32 files, which most viruses are made of, which is why mac doesnt get very many viruses either. Conficker is mainly a win32.exe program (i think, i might be wrong)