What is Conficker Computer Worm/Virus, Remove Conficker, Detect Conficker

What is Conficker

Conficker is a recently spreading computer worm that targets Microsoft Windows operating systems. It was first detected in October 2008. Conficker is also known as Kido, Downup or Downadup. This worm is extremely difficult for security and network operators to detect and counter because it uses a combination of unique and very advanced malware techniques that had not been seen before.

Operating systems vulnerable to Conficker:

  • Windows 2000
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP SP3
  • Windows Vista
  • Windows 7
  • Windows Server 2000
  • Windows Server 2003
  • Windows Server 2008 R2
  • Windows Server 2008

Some experts expected the effects of this worm to start on April 1st, but that did not happen. Now, however, the dreaded Conficker computer worm is stirring. Security experts say the worm's authors appear to be trying to build a big moneymaker, not a cyber weapon of mass destruction as many people feared.

As many as 12 million computers have been infected by Conficker. Security firm Trend Micro says some of the machines have been updated over the past few days with fake antivirus software — the first attempt by Conficker's authors to profit from their massive "botnet."

Criminals use bogus security software to extort money. Victims are told their computers are infected, and can be fixed only by paying for a clean-up that never happens. Conficker gets on computers through a hole Microsoft patched in October.

Details of Conficker Computer Worm

According to Wikipedia:
* Variants A and B exploit a vulnerability in the Server Service on Windows computers, in which an already-infected source computer uses a specially-crafted remote procedure call request to force a buffer overflow and execute shellcode on the target computer. On the source computer, the worm runs an HTTP server on a port between 1024 and 10000; the target shellcode connects back to this HTTP server to download a copy of the worm in DLL form, which it then attaches to svchost.exe. Variants B and later may attach instead to a running services.exe or Windows Explorer process.

* Variant B can remotely execute copies of itself through the ADMIN$ share on computers visible over NetBIOS. If the share is password-protected, it will attempt a brute force attack, potentially generating large amounts of network traffic and tripping user account lockout policies.

* Variant B places a copy of itself on any attached removable media (such as USB flash drives), from which it can then infect new hosts through the Windows AutoRun mechanism.
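The ADMIN$ brute force described in the second point is noisy by design: every guess is a failed network logon (Security event 4625), and the lockout policy it trips writes event 4740 naming the machine the attempts came from. The script below is an added example, not part of the original article or of any vendor tool; it summarises those two events per source host on the server or domain controller that recorded them, so the infected source can be isolated. It assumes PowerShell 3 or later and that auditing of logon events is enabled; the `$Hours` and `$Threshold` parameters are arbitrary starting points.

```powershell
# Added example (not from the original article): summarise the Security-log
# trail a network brute force against ADMIN$ leaves behind.
# 4625 = failed logon, 4740 = account locked out. Both record the computer
# that originated the attempt, which is the host to isolate.
# Run in an elevated PowerShell on the server/DC that recorded the events.

function Get-LogonFailureSummary {
    param([int]$Hours = 1, [int]$Threshold = 20)   # assumed defaults, tune to the environment

    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4625, 4740
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue

    $rows = foreach ($e in $events) {
        # Read the XML form so fields are addressed by name rather than by position.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Id      = $e.Id
            Account = $data['TargetUserName']
            # 4625 carries the source in WorkstationName; 4740 puts the
            # "Caller Computer Name" in TargetDomainName.
            Source  = if ($e.Id -eq 4625) { $data['WorkstationName'] } else { $data['TargetDomainName'] }
            Type    = $data['LogonType']            # 3 = network logon, the type a share brute force produces
        }
    }

    # Many failures, or any lockout, from one source inside the window is the signal.
    $rows | Group-Object Source | ForEach-Object {
        [pscustomobject]@{
            Source   = $_.Name
            Failures = @($_.Group | Where-Object Id -eq 4625).Count
            Lockouts = @($_.Group | Where-Object Id -eq 4740).Count
            Accounts = ($_.Group.Account | Sort-Object -Unique) -join ','
        }
    } | Where-Object { $_.Failures -ge $Threshold -or $_.Lockouts -gt 0 } |
        Sort-Object Failures -Descending
}

Get-LogonFailureSummary -Hours 1 -Threshold 20 | Format-Table -AutoSize
```

A single source hitting many accounts with network-type (3) failures in a short window is the pattern to expect here; a burst of 4740 events naming the same caller computer is the lockout policy confirming it.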

To start itself at system boot, the worm saves a copy of its DLL form to a random filename in the Windows system folder, then adds keys to the registry to have svchost.exe invoke that DLL as an invisible network service.
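Because the worm persists as a service DLL loaded by svchost.exe, one practical check on a suspect host is to list every svchost-hosted service and its ServiceDll and look at which DLLs carry a valid Authenticode signature. The script below is an added example written for this page, not code from the article, Microsoft or any removal tool. It assumes an elevated PowerShell 3 or later; on older systems where many Windows DLLs are catalog-signed rather than embedded-signed, `Get-AuthenticodeSignature` can report them as NotSigned, so the output is a triage list to compare against a known-good host, not a verdict.

```powershell
# Added example (not from the original article): enumerate services that
# svchost.exe loads as a DLL and report those whose DLL is not validly signed.
# Conficker registers its DLL this way; legitimate service DLLs in the system
# folder are normally Microsoft-signed. Run in an elevated PowerShell.

function Get-SvchostServiceDll {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $params = Join-Path $svc.PSPath 'Parameters'
        if (-not (Test-Path $params)) { continue }

        $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if (-not $dll) { continue }

        # ServiceDll is usually REG_EXPAND_SZ; expand %SystemRoot% and friends.
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        $sig  = if (Test-Path $path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'FileMissing' }

        [pscustomobject]@{
            Service    = $svc.PSChildName
            ImagePath  = (Get-ItemProperty -Path $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
            ServiceDll = $path
            Signature  = $sig
        }
    }
}

# Only services hosted by svchost.exe, and only those whose DLL is not validly signed.
Get-SvchostServiceDll |
    Where-Object { $_.ImagePath -match 'svchost\.exe' -and $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize
```

An unsigned DLL with a meaningless file name sitting in the Windows system folder, registered under a service name that does not exist on a clean build of the same Windows version, is the combination the article's description points at.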

Removal of Conficker Computer Worm:

On 15 October 2008 Microsoft released a patch (MS08-067) to fix the vulnerability. Removal tools are available from Microsoft, BitDefender, ESET, Symantec, Sophos, and Kaspersky Lab, while McAfee and AVG can remove it with an on-demand scan. While Microsoft has released patches for the later Windows XP Service Packs 2 and 3, Windows 2000 SP4 and Vista, it has not released any patch for Windows XP Service Pack 1 or earlier versions (excluding Windows 2000 SP4), as the support period for these service packs has expired. Since the worm can spread via USB drives that trigger AutoRun, disabling the AutoRun feature for external media (by modifying the Windows Registry) is recommended. However, the United States Computer Emergency Readiness Team describes Microsoft's guidelines on disabling AutoRun as "not fully effective," and provides its own guide. Microsoft has released a removal guide for the worm via the Microsoft website.
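The two registry changes behind that recommendation, applied and verified in one script, as an added example that is not from the article or from Microsoft: the `NoDriveTypeAutoRun` policy value is Microsoft's documented switch, and the `IniFileMapping\Autorun.inf` entry is the workaround US-CERT published because the policy value alone was found not to stop Autorun.inf from being parsed. It assumes an elevated PowerShell; Explorer picks the settings up after a log-off or reboot.

```powershell
# Added example (not from the original article): disable AutoRun for every
# drive type and verify the result. Run from an elevated PowerShell.

$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$iniMap = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'

function Disable-AutoRun {
    # 1. Microsoft's documented policy: a bit mask of drive types that must not
    #    AutoRun. 0xFF covers every type; the common default 0x91 still leaves
    #    removable drives and CD/DVD media enabled.
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
    Set-ItemProperty -Path $policy -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord

    # 2. US-CERT workaround: map Autorun.inf to a registry key that does not
    #    exist, so Windows never reads the file even where the policy bit is ignored.
    if (-not (Test-Path $iniMap)) { New-Item -Path $iniMap -Force | Out-Null }
    Set-ItemProperty -Path $iniMap -Name '(default)' -Value '@SYS:DoesNotExist'
}

function Test-AutoRunDisabled {
    $mask = (Get-ItemProperty -Path $policy -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $map  = (Get-ItemProperty -Path $iniMap -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{
        NoDriveTypeAutoRun = ('0x{0:X2}' -f [int]$mask)
        PolicyDisablesAll  = ($mask -eq 0xFF)
        AutorunInfMapped   = ($map -eq '@SYS:DoesNotExist')
    }
}

Disable-AutoRun
Test-AutoRunDisabled
```

Running `Test-AutoRunDisabled` on its own is a quick way to audit a fleet: any host where either flag is false still has the removable-media path open.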

Also, on March 16, 2009, BitDefender released an updated tool to remove the already famous Downadup/Conficker worm, hosted on a new domain that the malicious code has not blocked, "bdtools.net". It also comes as a separate installer dedicated to network administrators, so that the scanner can be dispatched throughout a network to remotely scan and disinfect workstations.

Refer to Wikipedia for reference URLs: http://en.wikipedia.org/wiki/Conficker


It seems the anti-virus software is checking each and every file, and takes 100% of a CPU to do so. Were this not a dual-core box it would be begging for mercy. Taking an entire CPU is unacceptable IMO. Anti-virus is sorely needed in this day and age, but if you're planning on doing heavy I/O be careful what anti-virus program you pick and how it's configured.


Thanks for providing this info on worms. I am so tired of taking my productive time to fix problems caused by people with ill-intent. I appreciate any help I can get in this endeavor -


Pretty dangerous stuff here, hopefully the new updates of our anti-virus will be able to handle this!

Eva, culinary arts colleges student


Financial institutions need to worry the most about such viruses. Banks have thousands of mortgage modification, home loan, and home equity loan customers that trust banks to keep their financial privacy intact. I hope they are staying on top of this problem.


I never understood what the thrill of creating worms and viruses was. People really need to get a life.


Scary stuff...has this affected the nation's banks or other financial institutions?


Banks need to make sure they have the latest technology implemented to fight this threat.


Looks like the author has large experience in the subject. Thank you for the info.
