Items tagged with Conficker

by Jennifer Johnson - Fri, Apr 24, 2009

Weeks after being dismissed as a false alarm, the Conficker virus is slowly being activated. Conficker, also known as Downadup or Kido, is quietly turning thousands of personal computers into email spam servers and installing spyware. It does this by installing a second virus known as Waledac that can send out email spam without the PC owner’s knowledge. The Waledac virus recruits the PCs into a second botnet that specializes in distributing email spam. Conficker also carries a third virus that prompts PC owners to purchase a fake anti-virus program called Spyware Protect 2009 for $49.95. When users purchase the fake security system, their credit card information is stolen and the virus downloads... Read more...

by Michael Santo - Fri, Apr 10, 2009

Conficker Reveals Its Purpose

Since the April 1st Conficker target date came and went, people have been waiting for the other shoe to drop. And on Wednesday night, Conficker downloaded the update that people were expecting, via the P2P functionality that's part of the malware.Dubbed Conficker.e, the new version appears to focus on that all-too-familiar item that malware writers want: money. The new version will terminate on May 3rd, and what Conficker.e did was download other malware to the already infected host computers. Kaspersky Labs notes that it downloads, for example, a rogue antivirus app, Spyware Protect 2009 (above). These type of apps frequently annoy the end user with pop-ups and more until they fork over some... Read more...

by Daniel A. Begun - Thu, Apr 09, 2009

New Conficker Worm Variant Spotted

We had all been warned: April 1 was the day that the infamous DOWNAD/Conficker worm was supposed to activate and do its dastardly deeds, whatever they might be. The day came and went without a whimper of Conficker-initiated destruction, although that didn't stop countless media outlets from reporting on it (HotHardware included). Conficker did generate 50,000 domain names and began contacting the domains--as predicted--but no damage was done to infected systems, at least as far as researchers could tell. Other than that, Conficker stayed relatively quiet... That is, until this last Tuesday night... The cyber-sleuths over at Trend Micro have been closely monitoring a Conficker-infected system,... Read more...

by Michael Santo - Fri, Apr 03, 2009

Conficker Eye Chart Developed

April 1st has come and gone, but researchers are convinced we haven't seen the last of the Conficker worm. While there are ways to determine if you are infected, the Conficker Working Group has posted a simple and visual aid to help as well. The Conficker Working Group is a group of organizations that have joined forces to fight the Conficker worm. According to the site, the work on the "test" was Joe Stewart from SecureWorks. All you have to do is go to the page and view the images there, and compare them to the table of results. It will indicate if you have Conficker A, B, C or none of the above. The test uses the fact that Conficker blocks certain security Web sites. The logos are derived... Read more...

by Jennifer Johnson - Wed, Apr 01, 2009

Conficker's Big Day Passes Quietly

The Conficker worm has generated a fair amount of buzz in the media recently. Today, April 1, was suppose to be the worm’s day of attack. As of this evening eastern standard time, the doomsday some were predicting as a result of the Conficker worm did not materialize. That doesn’t mean Conficker is a bust, however. The worm still did what was expected—it generated 50,000 domain names and started contacting them. The Conficker virus has infected several million computers since November. It was programmed to seek new instructions beginning today. The hype over the programmed instructions led to speculation and reports stating Conficker could launch a massive cyber attack today. The hype surrounding... Read more...

by Ariela Ross - Tue, Mar 31, 2009

Nyotron Claims: Be Paranoid of Conficker

Reportedly, April Fool's Day will not be too amusing for millions of computer users, as the Conficker worm is anticipated to take full effect. The Conficker worm was released to the wild in October 2008. It targets Microsoft Windows machines specifically and its symptoms manifest as network congestion, account lockout policies being reset, disabled automatic updates and error reporting for Windows, slow domain controller response, and for added fun -- it blocks security-related sites.The Conficker worm comes in three versions. Allegedly, it will infect more than 11 million computers. The third version, Conficker.C will switch gears and start polling 50,000 domains on April 1st to pull down a... Read more...

by Michael Santo - Tue, Mar 31, 2009

DHS, Honeynet Proj. Develop Conficker Scanners

Both the Department of Homeland Security (DHS) and the non-profit Honeynet Project have developed methods for determining which PCs on a network are infected by Conficker, which makes the work of scanning a system of networked PCs a lot quicker and easier. The DHS announced that the department's United States Computer Emergency Readiness Team (US-CERT) created the tool, which has been available to federal and state partners via the Government Forum of Incident Response and Security Teams (GFIRST) Portal, and to private sector partners through the IT and Communications sector Information Sharing and Analysis Centers (ISACs). It plans to expand distribution to more partners in the coming days.... Read more...

by Michael Santo - Mon, Mar 30, 2009

"The Internet is Infected" - 60 Minutes

60 Minutes is a great show, for the most part (and let's not forget it has Andy Rooney!), but a report Sunday night on the Conficker worm titled "The Internet is Infected" is probably the definition of hyperbole. The report, a full transcript of which is here, and a video below, was designed to alarm, and I'm sure it did. The title alone is alarming, but what it doesn't address, and what the report fails to mention is the following: Conficker only affects Windows PCsIt exploits a vulnerability in Windows that Microsoft patched in October (in an emergency patch, no less). If you have patched your PC, you are safe.If you are running a current, up-to-date antivirus (AV) software, you will be safe,... Read more...

by Michael Santo - Fri, Feb 13, 2009

Microsoft Offers $250K for Conficker Worm Info

Microsoft and nearly 20 other organizations and firms have joined forces to formulate a coordinated, global response to the Conficker (AKA Downadup) worm. At the same time, Microsoft announced a $250,000 reward for information that leads to the conviction of the hackers behind Conficker. The last time Microsoft offered a reward was in 2004, when it posted a $250,000 reward for the maker of the Sasser worm. Along with Microsoft, organizations involved in this collaborative effort include ICANN, Symantec, F-Secure, NeuStar, VeriSign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, ISC, researchers from Georgia Tech, the Shadowserver Foundation, Arbor... Read more...

by Daniel A. Begun - Mon, Feb 09, 2009

OpenDNS and Kaspersky Take On Conficker

Internet security and infrastructure service provider, OpenDNS, and security software provider, Kaspersky Lab, have collaborated to help alert users that their systems are infected by one of the "most widely-spread" worms to come our way, the Conficker worm. The Conficker worm, which is also called Kido and Downadup, first popped up "in late 2008," and according to some reports has already infected "as many as 15 million computers around the world." Conficker infects systems by taking advantage of a known vulnerability in the Windows' Server service in Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. (While a fix for this vulnerability has been available... Read more...