Fears of a Conficker Meltdown Greatly Exaggerated

BobB-nw writes "Many have been worrying that the Conficker worm will somehow rise up and devastate the Internet on April 1. These fears are misplaced, security experts say. April 1 is what Conficker researchers are calling a trigger date, when the worm will switch the way it looks for software updates. A 60 Minutes episode about the worm on Sunday will stoke concerns. But the worm has already had several such trigger dates, including Jan. 1, none of which had any direct impact on IT operations, according to Phil Porras, a program director with SRI International who has studied the worm. 'Technically, we will see a new capability, but it complements a capability that already exists,' Porras said."

Updates

[shird]

April 1st is when the worm will *start* looking for updates. It will continue looking from that date on, with a different set of domains each day. So there is no reason why the authors would register one of the domains and put out an update on the first day. If anything, they would wait a while to increase the number of domains security researchers have to watch out for. Also, the authors may not have any reason to update it just yet - it seems to be quite successful in its current iteration. They may be waiting for a buyer to purchase a block of the botnet for example.

How to prevent/detect/remove these?

[TinBromide]

I've been following storm, and that has dropped off the face of slashdot, and other worms, this latest conflicker is getting an article once or twice a week, but unless i missed something, how does one prevent/detect/remove these worms? All the news articles seem to think that its a foregone conclusion that your (or someone you care about) system WILL BE ASSIMILATED. I run windows, but I practice safe browsing ( I wrap that rascal by not downloading willy nilly, using outlook for e-mail, and use no-script and abp in firefox, all of which is running on an up to date windows XP build running behind a NAT router), am I infected? Will AVG tell me if I am? Would NAV or {other antivirus} tell me?

Wikipedia has info on how to detect and remove using most major antivirus running the latest update. But why don't the news-writers seem to recognize this? Why must every infection be a death sentence to support some nefarious plot with your unwitting computer?

Re:If only...

[shadowbearer]

Posts like this make me think that you've never done any tech support for the average home user in the real world.

  Sure, those of who know what we're doing can avoid problems.

  That doesn't hold true for the vast majority of windows users. If it did, it wouldn't be a problem.

  It's the same kind of thinking that led to the problem being existent in the first place.

  Don't get me wrong - I make a fairly nice side income doing tech support for home users on the side.

  But I'd much rather go back to teaching people *how* to use their computers - actually making a difference - than fixing broken windows installations and removing viruses, even if it is much more profitable.

  Call me old-fashioned or whatever, but that's what I'd prefer.

  I'm not necessarily bitching at you in particular. I just remember what it was like, a long time ago, to spend my computer support time solving problems that didn't involve malware infestations. *Teaching* people how to use their computers. I miss it. It was fun. This isn't.

  So anyone who says "Oh, I can keep my machine virus free" - whoopdefuckingdoo, so what, so can I. Most people can't, and it's because Microsoft can't write a decent *secure* fucking operating system to save their stock options.

  Oh, and get off my damned lawn ;)

  (Irritable? You bet. I'm a curmudge-only middle aged bastard...)

  I can vent, can't I? *grin*

SB

Re:I wish the creators had something useful in min

[lessthan]

Yes, because everyone is an idiot but you. They're not smart enough to deserve the internet. Let us take their PCs from them.