Rise of the Conficker worm (Windows)

Posted by Shashank Krishna Wednesday, February 11, 2009


Jan 20th, 2009. The Conficker worm seems to have run amok, the latest case being the infection of 8000 PCs at a Sheffield hospital.

Conficker (Kido, Downandup or Downadup) is a malicious polymorphic worm that spreads through low-security networks, memory sticks, and PCs without the latest security updates. Over 9 million PCs have been infected so far, making it one of the most widespread infections in recent times. It has the potential to create the world's biggest botnet. Security experts say it can be used by hackers and spammers to steal users' login details and credit card information, and even to re-route web traffic to disguise criminal activity.

Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting. It then connects to a server, where it receives further orders to propagate, gather personal information, and download and install additional malware onto the victim's computer. The worm also attaches itself to certain critical Windows processes such as svchost.exe, explorer.exe and services.exe.

Microsoft had discovered the vulnerability that the Conficker worm exploits before the worm actually surfaced, and addressed it at the end of October 2008 with Microsoft Security Bulletin MS08-067. Users who applied that security update would have been protected against the worm.

Conficker basically carries out a social engineering trick. When you insert a USB stick, you get a dialog box asking what is to be done. One of the options in the dialog box is "Open folder to view files". This could actually be an option created by Conficker through an "autorun.inf" file. Autorun isn't disabled by default, so you may want to disable it for some time.

This social engineering AutoPlay trick helps infect Vista as well as Windows 7. Windows 7 is still in development, so there might still be time to modify how AutoPlay works in order to limit the scope for social engineering attacks.
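A defender-side check for the autorun.inf trick described above, as an added example that is not from the original post: it parses the contents of a removable drive's autorun.inf and flags an `action` label that imitates the built-in "Open folder to view files" entry while the file also launches a program. The finding names, sample contents and file names are constructed for illustration.

```python
import re

# Label of the built-in AutoPlay option that the post says the worm imitates.
BUILTIN_LABEL = "open folder to view files"
# autorun.inf keys whose value is a program to start.
COMMAND_KEY = re.compile(r"open|shellexecute|shell\\[^\\]+\\command")

# Constructed samples; the file names are placeholders.
SUSPICIOUS = """\
k3j9x2 padding line without a key
[AutoRun]
AcTiOn = Open folder to view files
zz81 more padding
shellexecute=placeholder-program.exe
"""
BENIGN = """\
[autorun]
action=Install Example Suite
open=setup.exe
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys.

    Lines that are not key=value pairs are skipped, so padding between
    the real entries does not hide them.
    """
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and not line.startswith(";") and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text):
    """Return finding codes for the contents of one autorun.inf file."""
    entries = parse_autorun(text)
    launches = any(COMMAND_KEY.fullmatch(k) and v for k, v in entries.items())
    label = " ".join(entries.get("action", "").lower().split())
    findings = ["launches-program"] if launches else []
    if launches and BUILTIN_LABEL in label:
        findings.append("label-imitates-explorer")
    return findings
```

A legitimate installer disc also yields `launches-program`; it is the combination with `label-imitates-explorer` that matches the trick in this post.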

To protect against the Conficker worm family, Microsoft recommends that users ensure their antivirus protection is up to date with the latest definitions and install Microsoft's MS08-067 patch and all the latest security updates from Windows Update. The latest Malicious Software Removal Tool also now has this capability.
