Thursday, March 26, 2009

Biggest virus in history - NOT

It's even on the 10 o'clock news - Conficker.C will 'strike' on April Fools' Day. I myself wonder what it will be striking - Iraq? The Pentagon? Should we get in our bunkers? I doubt it.

I seem to remember the last widely publicized virus being Nimda - when was that, like 1999? Surely this will be no bigger than the Smitfraud rootkit; my techs and I have removed that one and its variants hundreds of times over the last 3-4 years, yet I don't see it on the news.

Well, let's get on to the meat of it; maybe there is some truth here. Conficker.C is a botnet virus, meaning all the infected machines form a network of nodes that communicate with one another, a kind of cluster of madness. They all phone home, but not to a central server as some might think: each node calls its relatives to see if they have any updates and, if so, downloads them. It is a peer-to-peer virus that is totally self-sufficient once its creator releases it into the wild. The 'do-gooders' of the world are attempting to block these domains, find the source and stop it, so this is where the creators got creative: they built the bot to use several dozen randomly generated domains, making it that many times harder to block.

Here is a complete write-up on the Microsoft site covering the prior variant, Conficker.B, which has for the most part been rendered useless through MS patches.

Compared to the first two variants, what differentiates Conficker.C is that it is programmed to use THOUSANDS of domains, making it virtually impossible to block accurately, along with new vulnerability holes that once again let it in.
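The domain churn described in the two paragraphs above (a bot cycling through many generated names looking for updates) leaves a trace a defender can look for in resolver logs: one client resolving many distinct, random-looking names that do not exist. The Python below is an added example and not code from this post; the log line format, the thresholds and the sample log lines are all constructed assumptions, and the last-two-labels "registered domain" rule is a deliberate simplification.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not real data): time, client IP, queried name, result code.
# Client 10.0.0.7 is meant to look like a host cycling through generated domains.
SAMPLE_DNS_LOG = """\
10:00:01 10.0.0.5 www.example.com NOERROR
10:00:02 10.0.0.5 mail.example.com NOERROR
10:00:03 10.0.0.7 qzkvjdfhweu.org NXDOMAIN
10:00:03 10.0.0.7 lpxdcvbnmqa.info NXDOMAIN
10:00:04 10.0.0.7 zzkdjwqoeiq.net NXDOMAIN
10:00:04 10.0.0.7 wqpoeiruytz.biz NXDOMAIN
10:00:05 10.0.0.7 mnbvcxzlkjh.cc NXDOMAIN
10:00:05 10.0.0.7 updates.example.com NOERROR
10:00:06 10.0.0.5 typo-example.cmo NXDOMAIN
"""


def parse_dns_log(text):
    """Parse the assumed four-field log format into a list of dicts; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, name, rcode = parts
        records.append({"ts": ts, "client": client,
                        "name": name.lower().rstrip("."), "rcode": rcode.upper()})
    return records


def registered_domain(name):
    """Crude 'registered domain': the last two labels (ignores multi-label public suffixes)."""
    labels = name.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else name


def label_entropy(label):
    """Shannon entropy (bits per character) of a label; generated labels tend to score high."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dga_suspects(records, min_nx_domains=4, min_mean_entropy=2.5):
    """Flag clients that failed to resolve many distinct, high-entropy registered domains.

    Returns {client: {"nx_domains": count, "mean_entropy": value}} for flagged clients.
    A single typo (10.0.0.5 above) stays below min_nx_domains and is not flagged.
    """
    failed = defaultdict(set)
    for r in records:
        if r["rcode"] == "NXDOMAIN":
            failed[r["client"]].add(registered_domain(r["name"]))
    suspects = {}
    for client, domains in failed.items():
        if len(domains) < min_nx_domains:
            continue
        mean_ent = sum(label_entropy(d.split(".")[0]) for d in domains) / len(domains)
        if mean_ent >= min_mean_entropy:
            suspects[client] = {"nx_domains": len(domains), "mean_entropy": round(mean_ent, 2)}
    return suspects


if __name__ == "__main__":
    for client, info in dga_suspects(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"{client}: {info['nx_domains']} unresolved domains, mean entropy {info['mean_entropy']}")
```

On real resolver logs the two thresholds would be tuned per site, and the entropy check is only there to keep a client with a handful of typos or stale bookmarks out of the result; the distinct-NXDOMAIN count is what carries the signal.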

Its purpose: ASSIMILATION - just like a cancer, no purpose other than uncontrolled reproduction.
There are many side effects, but they all serve the end goal of spreading to other computers:

  • stop all antivirus programs and Windows updates
  • lock down permissions on the system so that only it has control
  • block access to any virus-related websites

Once it has complete control of its host it will use a list of passwords to attempt connections to any other computers it finds on the network, so that it can authenticate and perform remote code execution to seed its offspring. It also spreads itself via USB flash drives.

Who does it attack? Well, the majority of computer users, of course: any Windows system will be attacked. My Mac men are probably gloating, 'better reason for you to get a Mac' - well, please note, Macs get viruses also.


How do you block it? Make sure to have the latest updates from Microsoft and your antivirus vendor - daily automatic updates are your best friend. STAY AWAY FROM ANY popups that report you need antivirus - especially from one you have never heard of - Google it first.

If you have Symantec Antivirus or AVG and you get a pop-up like this:

IT IS DEFINITELY NOT LEGIT!!!

Virus notifications should plainly come from your antivirus program and you should be familiar with it.

This is all well and good (or bad, really), but the first two variants were supposed to have caused utter destruction worldwide, as noted here, yet of my dozens of customers (and they love to get viruses daily) only 3 had a Conficker infection. I prefer to keep all of my customers' systems up to date with the latest antivirus and the latest MS updates, with most sites fully monitored for updates. We use antivirus gateway appliances to stop the virus before it touches the network.

So really I won't be surprised to get a call or two on April Fools'.

More than likely I will get dozens, if not hundreds, of emails from clients and family warning me of the new 'biggest virus ever' they saw on the 10 o'clock news. I still get chain letters from clients warning of the latest Snopes-verified Hallmark virus from 2005.

UPDATE 4/15/09: Well, so far I have only heard of one person getting this Conficker infection, and to my delight it was not one of my customers - this bomb sounds like a real dud.

2 comments:

  1. Anyways I had been keeping my eyes open on Freeswitch, awaiting its maturity, but now I keep a skeptical eye on it, awaiting political redirections.

  2. Anyways I had been keeping my eyes open on Freeswitch, awaiting its maturity, but now I keep a skeptical eye on it, awaiting political redirections.
    Citrix Support