Yesterday we published a story about a new form of Virus that attacks the edge of the network targeting the hardware firewall/routers and DSL Modems that are popular today.  Shortly after that article was published I received an ominous warning:

 

“Brace for April 1st“

 

That was it, nothing more. Editorial team discussed about this and then I remembered reading that the Conficker Worm is set to roughly 500 domains on April 1st. Conficker has been a thorn in the side of security companies since it hit back in November of 2008. Conficker exploits a vulnerability in the way that Microsoft Operating Systems handle RPC [Remote Procedure Call] requests. Microsoft patched this issue in October but not everyone updates their systems properly so Conficker was able to gain a foothold.

In February Conficker received an update that made it harder to deal with and allowed it to spread easier, it could now even infect removable drives through the Auto Run feature and spread through network shares. Then just this month the third update for Conficker hit [now called Conficker.C] . This new variant is the nastiest one yet as it attacks security services, prevents user access to security websites and downloads a Trojan horse virus. Conficker.C also attempts to connect to other infected systems through Peer to peer networking. The coders have upped the number of contacted domains from the original 250 per day to 50,000.

Conficker is a nasty virus, its creators are using advanced techniques including encrypting the instructions to prevent countering its effects. Some security experts believe that the Conficker writers are intending to create massive domain collisions by targeting legitimate domains in a form of DDoS [Distributed Denial of Service]. 

Conficker.C all by itself is a scary thing, but now we see a second threat in the new psyb0t virus attacking routers and DSL modems it makes me wonder if we are not looking at a coordinated attack plan set to go off on April 1st. Of course this could all be a very bad joke, but as I do not believe in coincidences I have to lean toward something very bad happening on April Fool’s Day. When I feel it will be end users and security companies that might be made the Fool.

Additional information for Conficker prevention and removal can be found below:
Original Patch to Fix RPC vulnerability
Update to AutoRun feature
Microsoft Conficker.B Removal Tool 
Panda Security free Vaccine tool to block spread of Viruses through USB drives

- To ensure your home router is clean please follow the instructions in our article on the psyb0t virus