|April 1st Worm|
03/25/12 07:40:47 PM
I want to let you know about my research
on the April 1st virus attack. (Removal tools are at the bottom of the
There are 2 phases to this attack.
Phase 1 Earlier this month, the first part of the worm was sent out to initially make your computer a carrier of the worm for April 1st. You have to be infected with what is called the "Conficker Worm" in order for phase 2 to be initiated.
Phase 2 Happens on April 1st. This is when, if your computer has Conficker, the worm will update itself with new instructions to cause your computer some damage. To what extent this damage will have is still yet to be determined.
This is from a Microsoft/SecureWorks security website. This is really great info please read and pass it on. I have also included at the bottom of this email, links to websites that if you are infected with Phase 1 Conficker Worm, these links will allow you to download REMOVAL TOOLS to get it off of your computer before April 1st.
According to Joe Stewart, a security researcher at SecureWorks who knows what's what when it comes to malware, "there will be no April 1st outbreak." Clean PCs won't suddenly melt down from a new Conficker infection. All that
will happen, Stewart writes, is that the worm will begin to use a new trick that gives it a better chance of getting around existing defenses that attempt to prevent it from updating. The ability has been around since a new Conficker variant came out earlier this month, but it won't activate until April 1, Stewart says.
Put another way, if you're not infected on April 1, nothing will happen to you. If you are infected with Conficker, it will attempt to update itself. That update could theoretically contain instructions to do something drastic, like wiping out a hard drive, but that's pretty unlikely. Conficker's creators stand to gain nothing by such a destructive act, and malware these days is all about gain.
And there's a relatively simple check to see if you're infected with Conficker: Point your browser towards f-secure.com, secureworks.com, microsoft.com or other security sites. If you get a "page cannot be displayed" error for all the sites, there's a good chance they're blocked by Conficker or similar malware on your PC.
If that happens to you, you'd also be blocked from normally downloading free Conficker removal tools. But you can get around the malware blocks by using a Web proxy or alternate download links, according to Stewart.
This site was last updated 04/06/09