The worldwide-known computer virus "Conficker" is a new virus that affects the autorun file when a USB flash drive is inserted, but there are many different variants of this virus. (I copied this off Wikipedia.)
The worm has several mechanisms for pushing or pulling executable payloads over the network. To prevent payloads from being hijacked, variant A payloads are RC4-encrypted with a 512-bit key and RSA signed with a 1024-bit key; the payload is unpacked and executed only if the signature verifies with a public key embedded in the worm. Variant B increases the size of the RSA key to 4096 bits. So far, this has been used only to propagate newer versions of the worm.
- Variant A generates a list of 250 domain names every day across five Top-level domains (TLD). It attempts an HTTP connection to each in turn, expecting from any of them a signed payload. Variant B increases the number of TLDs to eight.[4] As a countermeasure, ICANN and several TLD registrars began in February 2009 a coordinated barring of transfers and registrations for these domains.
- Variant B creates a named pipe, over which it can push URLs for downloadable payloads to other infected hosts on a local area network.[11]
- Variant C creates an ad-hoc peer-to-peer network to push and pull payloads over the wider Internet. This aspect of the worm is heavily obfuscated in code and not fully understood, but has been observed to use large-scale UDP scanning to build up a peer list of infected hosts and TCP for subsequent transfers of signed payloads. To make analysis more difficult, port numbers for connections are hashed from the IP address of each peer.[11]
This virus only affects Windows, on these OS versions: Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008 and R2, including the Windows 7 Beta. It also affects and disables System Restore, Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting, and Microsoft has put a bounty on the creator of this virus. Here are the symptoms:
- Account lockout policies being reset automatically.
- Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services disabled.
- Domain controllers responding slowly to client requests.
- Unusual amounts of traffic on local area networks.
- Websites related to antivirus software becoming inaccessible.
The virus exploits the vulnerability patched by MS08-067. Virus removal:
Removal tools are available from Microsoft,[39] BitDefender,[40] Enigma Software,[41] ESET,[42] F-Secure,[43] Symantec,[44] Sophos,[45] and Kaspersky Lab,[46] while McAfee and AVG can remove it with an on-demand scan.[47][48] While Microsoft has released patches for the later Windows XP Service Packs 2 and 3 and Windows 2000 SP4 and Vista, it has not released any patch for Windows XP Service Pack 1 or earlier versions (excluding Windows 2000 SP4), as the support period for these service packs has expired. Since the virus can spread via USB drives that trigger AutoRun, disabling the AutoRun feature for external media (through modifying the Windows Registry) is recommended.[49] However the United States Computer Emergency Readiness Team (CERT) describes Microsoft's guidelines on disabling Autorun as being "not fully effective," and they provide their own guides.[50] CERT has also made a network-based tool for detecting Conficker-infected hosts available to federal and state agencies.[51] Microsoft has released a removal guide for the worm via the Microsoft website.[52]
This virus has already infected 15 million computers worldwide. The virus generates domains with these suffixes:
It also tries to connect to these websites:
So, Microsoft says that Conficker C will affect 50,000 domains on April 1st (April Fools' Day). All I'm saying is be prepared tomorrow. Update your antivirus or antispyware, make a stronger password, and stop sharing folders.
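A defender-side view of the daily domain generation described above for variants A and B, as an added example that is not part of the original post: it counts, per client and day, the distinct DNS names, TLDs and failed lookups seen in a resolver log. The log format, the thresholds and the sample data are assumptions constructed for illustration.

```python
import random
import string
from collections import defaultdict

def parse(line):
    """Split one resolver log line: '<ISO timestamp> <client IP> <qname> <rcode>'."""
    ts, client, qname, rcode = line.split()
    return ts[:10], client, qname.lower().rstrip("."), rcode

def flag_dga_clients(lines, min_domains=200, min_tlds=5, min_nx_ratio=0.8):
    """Return {(day, client): stats} for clients whose daily lookups match the
    pattern on this page: hundreds of distinct names spread over several TLDs,
    most of them unregistered. Thresholds are assumptions to tune per network."""
    seen = defaultdict(dict)                # (day, client) -> {qname: rcode}
    for line in lines:
        day, client, qname, rcode = parse(line)
        seen[(day, client)][qname] = rcode  # repeated queries count once
    flagged = {}
    for key, names in seen.items():
        tlds = {q.rsplit(".", 1)[-1] for q in names}
        nx = sum(1 for r in names.values() if r == "NXDOMAIN")
        ratio = nx / len(names)
        if len(names) >= min_domains and len(tlds) >= min_tlds and ratio >= min_nx_ratio:
            flagged[key] = {"domains": len(names), "tlds": len(tlds),
                            "nx_ratio": round(ratio, 2)}
    return flagged

def sample_log():
    """Constructed log: one noisy client and one ordinary client on the same day."""
    rng = random.Random(1)                  # fixed seed so the sample is repeatable
    tlds = ["com", "net", "org", "info", "biz"]  # constructed sample TLDs
    lines = []
    for i in range(250):                    # 250 distinct names, as on this page
        label = "".join(rng.choice(string.ascii_lowercase) for _ in range(10))
        rcode = "NOERROR" if i == 0 else "NXDOMAIN"
        lines.append(f"2009-03-31T08:{i % 60:02d}:00 10.0.0.23 "
                     f"{label}{i}.{tlds[i % 5]} {rcode}")
    sites = ["intranet.corp.example", "mail.corp.example", "www.example.org"]
    for i in range(300):                    # ordinary client: few names, repeated
        lines.append(f"2009-03-31T09:{i % 60:02d}:00 10.0.0.7 {sites[i % 3]} NOERROR")
    return lines

if __name__ == "__main__":
    for (day, client), stats in flag_dga_clients(sample_log()).items():
        print(day, client, stats)
```

Raising `min_tlds` to 8 matches the variant B figure given above; a client that spreads its lookups over fewer TLDs then falls below the threshold.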