The bottom line is, we will never be 100% safe from anything. Every time there is a new “fad” that sweeps the internet someone will try to exploit that for their own monetary gain. Remember when dial-up internet was “the thing?” There were viruses then that would make your modem dial 1-900 numbers in the middle of the night. Gone are the days of the mild-manner annoyance-type malwares that would just open your cd-rom drive randomly.

Now that “being on the internet” is an every day thing that we take for granted, malware programmers are pouncing on the unaware. Want to (possibly illegally) download shared files from P2P networks? Why not put a virus out there to infect P2P connected computers?

Heard there is something ‘bad’ sweeping the internet? Why not target your computer with a fake “Oh my! My computer is gonna explode with viruses and spyware” program that will eventually try and get your credit card number…or even turn your PC into the zombie who tries to infect someone else and get their number! An awesome idea if you are the bad guy.

My advice would be this: Start off by learning about the enemy. Sites like this one provide some good information for you to learn. Once you learn about some of the baddies, modify your internet behaviour (like avoid falling for fake ads and dangerous P2P sharing programs), and take preventative measures like having anti-virus and Operating System updates…well, up-to-date.

Finally, always take a deep breath if you think something is wrong. Analyze the situation in a logical manner. Don’t panic. If you’re not sure, consult someone who can help.

-Double Agent Chris Plath

i think the only solution to this problem is to block unpatched computers from the internet until they are patched. internet service providers should be required to check to see if computers are up to date and have up to date antivirus and antispyware software, and if they don’t then the customer should be notified of such and shown how to remedy the problem. until that happens, things like this are only going to continue.

In any case, if you are connected online and experience problems with an infection that has prompted you to purchase fake protection, simply close it out and check your programs list to see if anything was recently installed that you didn’t intentionally place on your computer. It’s very likely that the fake protection advertisements redirect you to an infected server that will attempt to grab your credit card information.

As a whole, these types of threats have been around for a while now and we’ve been constantly dealing with them. Remember to search for clues whenever a fake advertisement pops up. They tend to have spelling errors, the domain name shows up as an ip address, and finally they’re just a pop up. Most legitamate software rarely advertises via pop up these days as they’re seen as an annoyance.

With the release of all the conficker news coverage, more of the mass public have their eyes set on following this particular infection’s path. Luckily for most people, protection companies like, Symantec, Trend Micro, and Sophos were already in the know about situations like this and haven’t stopped doing their jobs to defend against the on coming threats.

So to sum it all up, keep your current antivirus/spyware protection up to date. Make sure you’re scanning at least once a week if your protection doesn’t already do that automatically. Avoid using any sort of peer to peer applications as that’s a backdoor for most infections to sneak into your computer even if you have the most up to date protection! Finally, get those windows update patches as they’re free and usually only require a restart to be installed succesfully. Just practice safe web surfing and let the conficker strain pass you by!

Agent Jonathan Cabuco
Counter Intelligence
Geek Squad – Precinct 144

Here are a few suggestions to keep yourself protected from the “bad guys”:

1. Purchase genuine software that you know can be trusted, and buy directly from a store or trusted online dealer.

2. Keep software up-to-date at all times.

3. Stay clear of sites you are uncertain about.

4.Do not accept, open, or download attachments files from unknown senders.

5. If infected, immediately back up any important files and try a system scan. If that does not solve your problem delete the partition and perform a complete system restore.

In my mind, the two key points to the latest Conficker news is that the worm is making use of its P2P network to distribute updated instructions, and that the worm is making a move to monetize its infected hosts.

While the use of a P2P network isn’t new, it does highlight the evolving nature of malicious software communication in order to get around the “digital dragnet” created by the Conficker Cabal to stop access to update servers seeded by the bad guys.

Monetizing the infections through the use of fakealert software such as Spyware Protect 2009 may not make a great headline like “Conficker Set to Destroys the Internet”. Unfortunately, many casual computer users still think of malicious software as the equivalent of teenagers doing virtual vandalism.

Instead, malicious software is on it’s way to becoming a billion-dollar industry which makes it easier to pay for development of new software that can match the efforts of the security software makers. To me, that’s the scarier proposition than the original Conficker hype.

The good news in all of this, though, is that for most average computer owners, the basics of keeping your system up to date, firewalled and protected with current antivirus and antispyware protection is sufficient to protect against most current automated threats such as Conficker.

Agent Derek Meister
Geek Squad

http://www.malwarecity.com/blog/updated-variant-of-the-downadup-worm-identified-in-the-wild-412.html

Now that there’s a payload and it’s less than inconspicuous, it will be interesting to see what tricks the virus writers come up with to try and avoid the attentions of annoyed users.