Conficker Reveals Its Purpose

News Posted: Fri, Apr 10 2009 12:02 AM

Since the April 1st Conficker target date came and went, people have been waiting for the other shoe to drop. And on Wednesday night, Conficker downloaded the update that people were expecting, via the P2P functionality that's part of the malware.



Dubbed Conficker.e, the new version appears to focus on that all-too-familiar item that malware writers want: money.





The new version will terminate on May 3rd, and what Conficker.e did was download other malware to the already infected host computers. Kaspersky Labs notes that it downloads, for example, a rogue antivirus app, Spyware Protect 2009 (above). These types of apps frequently annoy the end user with pop-ups and more until they fork over some cash, in this case $49.95.



Trend Micro noticed that the worm also downloaded components of Waledac, which is a bot used by spammers.



Trend Micro also noted that Conficker.e once again has the ability to search for machines that are still vulnerable to the security hole that Microsoft patched in October, which led to Conficker infections in the first place. A previous update turned that capability off.



Now we have to wonder: what will happen on May 3rd?



replied on Fri, Apr 10 2009 5:59 PM

If users notice any new icons on the system tray they need to leave them alone and not click on them. If an unknown app pops up asking for user intervention (like to be installed) do not touch it. Instead open Task Manager and look for the process name, then click it and click End Process.

If infected, make sure you turn off System Restore, empty the Recycle Bin and download and run Malwarebytes. Clean all the items it finds, empty the Recycle Bin again and reboot if prompted by Malwarebytes.

Also make sure you delete all temporary files for Internet Explorer if you are using it.

acarzt replied on Fri, Apr 10 2009 7:38 PM

What he said^^^ Malwarebytes will clean that up real quick.


kewlncguy:
If users notice any new icons on the system tray they need to leave them alone and not click on them. If an unknown app pops up asking for user intervention (Like to be installed) do not touch it. Instead open task manager and look for the process name then click it and click end process.

I think the issue is that people don't know. I mean these are people that have not updated since at least October.


And here I was hoping for Skynet....

replied on Sat, Apr 11 2009 1:39 AM

Well, you have to consider that there are millions of bootleg copies of Windows out there that are unable to apply updates or service packs. Combine that with ineffective or expired antivirus and you can easily have the 3-10 million infected computers. Most of the malware out there, like Antivirus 2008, 2009 and 360, requires user input to be completely installed. A popup appears every 10 minutes or so until the user either clicks to install or completes whatever action it is prompting for. The executables always appear in Task Manager under Processes, and usually they are an abbreviated name of the malware, so they should be easy to find and kill until you can get Malwarebytes downloaded and a scan done. Yet another issue is that the same people who are likely to get infected probably already have 30 icons in the system tray for things like WeatherBug and other junk apps, so they never notice the new icon.
