WARLOCK

Conficker Wreaks Havoc!

March 19, 2009 | Author: warlock | Filed under: Exploits, Security


Hi everyone, with the ubiquitous torment of the Kido worm, more widely known as Conficker, I thought I’d better post about it.

Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system. The worm exploits a known vulnerability in the Windows Server service (MS08-067) used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, and the Windows 7 Beta.


Recently, researchers at Symantec have discovered what could be a significant development in the ongoing Conficker worm saga - a new module that is being pushed out to some infected systems.

In a couple of ways, the new component is designed to harden infected machines against an industry consortium that is actively trying to contain the prolific worm. For one, the update targets antivirus software and security analysis tools to prevent them from removing the malware. Not only does it try to disable anti-malware titles, it also goes after programs such as Wireshark and regmon.

And for another, it also greatly expands the number of domain names infected machines contact on a daily basis.

Up to now, a pseudo-random domain name generator (PRNG) produced 250 addresses that infected machines reported to each day. The industry consortium, dubbed the Conficker cabal, responded by cracking the algorithm and snapping up those domains ahead of the malware authors to prevent the infected machines from sustaining further damage.

The new component ups the ante by increasing the number of domains to 50,000 per day. Ouch!
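To make the consortium's side of this concrete, here is an added example (not part of the original post) of what "cracking the algorithm" buys a defender: once the daily list can be reproduced, it can be precomputed and matched against DNS query logs to find infected hosts. The generator `toy_domains` is a constructed stand-in and is not Conficker's algorithm; the log format, IP addresses and function names are assumptions.

```python
import hashlib
from datetime import date

TLDS = ["com", "net", "org", "info", "biz"]  # constructed list for the stand-in

def toy_domains(day: date, count: int) -> list[str]:
    """Constructed stand-in for a date-seeded generator; NOT Conficker's algorithm."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        length = 8 + digest[0] % 4  # label of 8 to 11 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        out.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return out

def flag_hosts(dns_log: list[str], day: date, count: int) -> dict[str, int]:
    """Count, per client IP, queries for names on the day's precomputed list."""
    watch = set(toy_domains(day, count))
    hits: dict[str, int] = {}
    for line in dns_log:
        log_day, client, qname = line.split()
        # Normalise case and the trailing root dot before comparing.
        if log_day == day.isoformat() and qname.lower().rstrip(".") in watch:
            hits[client] = hits.get(client, 0) + 1
    return hits

DAY = date(2009, 3, 19)
_todays = toy_domains(DAY, 250)
# Constructed DNS query log: "<date> <client-ip> <queried-name>"
SAMPLE_LOG = [
    f"2009-03-19 10.0.0.7 {_todays[3]}",
    f"2009-03-19 10.0.0.7 {_todays[41].upper()}.",
    "2009-03-19 10.0.0.9 www.example.com",
    f"2009-03-18 10.0.0.9 {_todays[3]}",  # logged on another day, not flagged
]

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_LOG, DAY, 250))
    print(len(toy_domains(DAY, 50000)), "names to precompute at the larger size")
```

The same matching works at 50,000 names per day; what changes is the cost of registering or sinkholing that many domains ahead of time.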

Since Jan ’09, a new version of the worm has appeared which has the added capability of spreading via network shares and removable media such as USB drives. Kido / Conficker can also block security-related sites, preventing users from accessing Windows Security Updates, and it uses a list of passwords to connect to network shares and infect systems.

Estimated number of infected computers? Around 11 million!

Well, seems like the Conficker authors are really serious about keeping their control of the botnet and expanding it further without hindrance from the self-described “cabal” of companies, including Microsoft, Symantec, and a host of domain registration providers.

Well, the rumour is that the authors have primed a new release, Conficker “C”, due on April 1! That’s less than 2 weeks away!

Hold on tight to your seats, guys! Thank God, I use a Mac *smile*

Conficker Removal Tool from Enigma

Conficker Removal Tool from BitDefender

Conficker : Guide on How to Protect Yourself

Conficker C for April Fool’s Day
