Vietnamese security firm claims Conficker might have come from China

By on

diagram

Vietnamese security firm BKIS, which makes the BKAV anti-virus software, has said that they have found clues that tell them that the Conficker worm may have originated from China, as opposed to countries like Russia and in Europe, according to a report by CNET News.com.

It’s conclusion is based on the coding of the virus, saying it is closely related to the notorious Nimda virus, which wrecked havoc across the web and e-mail in 2001. BKIS was also the company that determined that Nimda was originated from China, though it has never been verified with hard evidence.

The virus is set to download on April 1.

According to the CEO of BKIS, Quang Tu Nguyen, the worm might never return to its owner, for one reason or another, if the owner decides to not update the code, or fails to do so; but this scenario is highly unlikely.

However, while it may be helpful to some extent, it does not help the authorities and the Microsoft-led coalition to beat the worm to find those who are responsible.

Conficker is a worm that takes advantage of a security hole that was left unplugged from Windows 2000 to the beta of Windows 7, allowing the user to be infected without any user interaction via the internet, local network or via USB drive. It would then proceed to stop all security services, as well as the Windows Update service and disable any tools that was design to remove it.

And while it has been easier to remove these types of viruses in the past, it has become harder to stop this virus as it updates itself to randomly generated domains and is set to download its instructions on April 1. However, it does require the virus writer to buy a lot of domains. However, Microsoft and its coalition have managed to remove access to 13 percent of the domains used – which is not really reassuring.

According to CNET, at least ten million users worldwide have been infected with at least a variant of Conficker; with one known variant, Win32/Conficker.B, is said to be spread by using the “AutoPlay” dialog, offering two versions of the “Open folder to view files”. ALWAYS use the option under “General Options” – or the highlighted one in the image below.

Autoplay

However, there is a nifty way to find out if you have been infected. First, try updating your anti-virus software, or download certain security products like the “Microsoft Malicious Software Removal Tool”. Next, access websites to known security vendors, like Symantec or McAfee. Next, try accessing several websites like Google, CNN, AOL and MySpace. Finally, check if you can access Windows Update and update your operating system from there.

If any of these have failed, then you have been infected. Follow these tips to clean the virus out. We do suggest you use an uninfected computer and use a floppy disk or CD/DVD-ROM drive to reduce the risk of having your USB infected.

TECHGEEK.com.au offers the tips in good faith, following several sources. However, TECHGEEK.com.au cannot claim responsibility for any problems that you have occurred during the installation, and any links located here are opened at your very own risk.

Images from: Microsoft