laurentio
19th January 2009, 08:20 PM
Conficker (also known by the names Downup, Downandup and Kido)
Conficker is a computer worm that surfaced in October 2008.
It targets several popular versions of Windows and is mostly found on Windows XP machines. Microsoft released a patch to stop the worm on October 15, 2008. Heise Online estimated conservatively that it had infected 2.5 million PCs by January 15, 2009, while The Guardian mentioned an estimated 3.5 million infected PCs.
By January 16, 2009, one antivirus software vendor reported that Conficker had infected almost 9 million PCs, making it one of the most widespread infections in recent times.
When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting. It then connects to a server, where it receives further orders to propagate, gather personal information, and download and install additional malware onto the victim's computer.
The worm also attaches itself to certain critical Windows processes such as svchost.exe, explorer.exe and services.exe.
The worm exploits a known bug in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.
http://www.guardian.co.uk/technology/blog/2009/jan/15/downadup-conficker-worm
http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2009/1/15/1232031947608/conficker_final.jpg
Removal tools:
From Microsoft (http://www.microsoft.com/security/malwareremove/default.mspx)
From F-Secure (http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml)
From Symantec (http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99)
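
A host triage check for the service tampering described in the post above. This is an added example, not part of the original post: the short service names are assumptions mapped from the display names the post lists, the function name and the threshold of two are hypothetical, and `Get-CimInstance` needs PowerShell 3.0 or later.

```powershell
# Added example (not from the original post). Service short names are assumptions
# mapped from the display names mentioned in the post.
$WatchedServices = [ordered]@{
    'wuauserv'  = 'Windows Automatic Update'
    'wscsvc'    = 'Windows Security Center'
    'WinDefend' = 'Windows Defender'
    'ERSvc'     = 'Windows Error Reporting (XP / Server 2003)'
    'WerSvc'    = 'Windows Error Reporting (Vista and later)'
}

function Get-WatchedServiceState {
    param([System.Collections.IDictionary]$Services = $WatchedServices)

    foreach ($name in $Services.Keys) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" `
                               -ErrorAction SilentlyContinue
        if (-not $svc) {
            # Not every service exists on every Windows version; report it, do not flag it.
            [pscustomobject]@{
                Name = $name; Role = $Services[$name]
                StartMode = 'n/a'; State = 'not installed'; Disabled = $false
            }
            continue
        }
        [pscustomobject]@{
            Name      = $name
            Role      = $Services[$name]
            StartMode = $svc.StartMode      # Auto, Manual or Disabled
            State     = $svc.State          # Running, Stopped, ...
            Disabled  = ($svc.StartMode -eq 'Disabled')
        }
    }
}

$report = @(Get-WatchedServiceState)
$report | Format-Table -AutoSize

# One disabled service can be an administrator's choice; several of the
# security-related services disabled together is the pattern worth a closer look.
$disabled = @($report | Where-Object { $_.Disabled })
if ($disabled.Count -ge 2) {
    Write-Warning ("{0} watched services are disabled: {1}" -f `
        $disabled.Count, ($disabled.Name -join ', '))
}
```

A warning here is a prompt to run one of the removal tools listed above, not a confirmation of infection.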