Sephem's Ubulwembu (web) Blog

Conficker: Powerful or Powerless?

by on Mar.23, 2009, under Security

Conficker was first seen in October 2008 and has since gone through a few variants: conficker.a, conficker.b, and now conficker.c, the one set to be activated on 1 April 2009.

Is this new variant going to be a crisis in the world of computers, or is it just going to flop like a bad April Fools' joke?

The Conficker worm spreads itself primarily through a buffer overflow vulnerability in the Server Service on Windows computers. The affected versions of Windows are Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and even Windows 7 Beta. The security bulletin can be read here.

Once it is activated, it does a few things, such as disabling services like Windows Defender, Windows Security Center and the Windows Automatic Update service.

It also connects to a server over the internet and receives instructions that can, amongst other things, gather information and install other malware.

According to The New York Times,

An estimated 12 million or more machines have been infected. However, many have also been disinfected, so a precise census is difficult to obtain.

There is still little consensus as to whether conficker.c is going to be something or nothing, so we will just need to wait and see.

It is highly recommended to keep Windows up to date and to make sure that your anti-virus has the latest definitions.

The new version of Conficker has highly evolved means of removing most anti-virus software packages, and it can disable Microsoft’s Automatic Update service, open ports on firewalls and even block access to the update services of most security software. It is therefore highly advisable to download some removal tools before the anticipated date of activation.
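A quick way to check a machine for the symptoms described above (protective services disabled, update sites unreachable) is sketched below. This is an added example, not part of the original post or any vendor tool; the service short names and the sample host names are assumptions chosen for illustration, and it requires PowerShell 3.0 or later.

```powershell
# Added example. Assumed mapping of the services named in the post to their
# standard Windows short names.
$services = [ordered]@{
    'WinDefend' = 'Windows Defender'
    'wscsvc'    = 'Windows Security Center'
    'wuauserv'  = 'Windows Automatic Updates'
}

function Test-ProtectiveServices {
    foreach ($name in $services.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                               -ErrorAction SilentlyContinue
        if (-not $svc) {
            # Not every Windows edition registers every one of these services.
            $status = 'REVIEW'; $detail = 'service not registered'
        } elseif ($svc.StartMode -eq 'Disabled') {
            # A disabled start mode is the strongest signal of tampering.
            $status = 'ALERT';  $detail = "start mode Disabled, state $($svc.State)"
        } elseif ($svc.State -ne 'Running') {
            # Some services are demand-started, so stopped alone is not proof.
            $status = 'REVIEW'; $detail = "start mode $($svc.StartMode), state $($svc.State)"
        } else {
            $status = 'OK';     $detail = 'running'
        }
        [pscustomobject]@{ Check = $services[$name]; Status = $status; Detail = $detail }
    }
}

function Test-UpdateSiteResolution {
    param([string[]]$HostNames)
    foreach ($h in $HostNames) {
        try {
            $addrs = [System.Net.Dns]::GetHostAddresses($h)
            $status = 'OK'; $detail = "resolves to $($addrs[0])"
        } catch {
            # Failure to resolve security or update sites while other names
            # resolve fine matches the blocking behaviour described above.
            $status = 'ALERT'; $detail = 'name resolution failed'
        }
        [pscustomobject]@{ Check = "DNS $h"; Status = $status; Detail = $detail }
    }
}

# Sample host names (assumptions for illustration; substitute your own vendors).
$sampleHosts = 'windowsupdate.microsoft.com', 'www.symantec.com', 'www.sophos.com'
@(Test-ProtectiveServices) + @(Test-UpdateSiteResolution -HostNames $sampleHosts) |
    Format-Table -AutoSize
```

Any ALERT row is a reason to run one of the removal tools from a known-clean source.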

Here are a few links to some removal tools.

Microsoft® Windows® Malicious Software Removal Tool
Symantec W32.Downadup Removal Tool
Sophos Tool

For a more detailed report on Conficker, take a look at SRI International's technical report at http://mtc.sri.com/Conficker/
