
    Conficker: The Windows Worm That Won’t Go Away

    By Brian Prince - March 25, 2009

      Much has been written about the Conficker worm’s next big day. On April 1, the worm is expected to evolve yet again, when it blasts out requests to 500 of the 50,000 domains it generates daily in search of an update.

      Just what that update will do isn’t known; what is known is that Conficker, aka Downadup, has proven to be an impressive piece of malware as such things go. Version C, the latest iteration of the Conficker worm, added peer-to-peer communication between infected systems and a new domain-generation algorithm.

      The worm also got a new set of armor to protect itself that enabled it to kill some DNS (Domain Name System) lookups and disable AutoUpdate and some anti-virus software. Fortunately, there are ways for anyone who gets infected to manually remove the latest version, and there are also removal tools available from Symantec and others to help users clean their systems.

      Still, this is a long way from the worm that first slithered out into the open in 2008 by targeting a flaw in Microsoft’s Windows Server service.

      “From a high-level perspective, the ‘A’ variant gave the impression [of being] a ‘test run,’” said Pierre-Marc Bureau, a researcher at Eset. “It had code that probably was not meant to be spread globally. For example, it was checking for the presence of a Ukrainian keyboard or Ukrainian IP before infecting a system.”

      The first variants of the threat also sought to download and execute a file called loadav.exe, leading researchers to think the first goal was to install rogue anti-virus software, Bureau added. The file, however, was never uploaded to a Web server and thus never downloaded by Conficker.

      The second version of the worm spread not only through the Windows flaw but also through network shares by logging in to machines with weak passwords. It also scanned for targets with greater speed than the previous version, and additionally spread through removable media such as USB sticks.

      Security vendors responded by updating their defenses, and the mind or minds behind the worm have continued to answer in kind.

      “During the last week, 3.88 percent of our users have been attacked by Conficker, either because they accessed an infected device or by a network attack,” Bureau said. “The percentage is very high and shows that a high number of computers are presently infected and that the worm is still spreading.”

      Altogether, the variants of the worm are believed to have infected millions of PCs. The situation has prompted several organizations, including Microsoft and AOL, to team up to tame Conficker by disabling domains targeted by the worm. Still, researchers are no closer to guessing the end game of the mind or minds behind it.

      “I don’t think that the threat comes from the worm itself, it comes from the people that are in control of the mass of Conficker-infected systems,” said Adriel Desautels, CTO of Netragard. “Those people have an immensely powerful weapon at their disposal, and that weapon threatens all of us.”
