Conficker: How Scared Should We Be?

The Conficker worm – also known as Downadup – will have a big day on the first of April, when it is expected to evolve yet again. But patches exist for the weakness which Conficker uses, so how much should enterprises fear?

On Wednesday, Conficker will blast out requests to 500 of the 50,000 domains it generates daily, in search of an update. What that update will do isn’t known; what is known is that the worm has proven to be an impressive piece of malware, as such things go. Version C, the latest iteration, added peer-to-peer communication between infected systems and a new domain-generation algorithm.
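As an added illustration, not code from the article or from any vendor named in it, the script below shows how a defender can spot the lookup behaviour described above in resolver logs: a host that suddenly queries many distinct, random-looking domain names that do not resolve. The log format, the sample lines and the thresholds are all assumptions constructed for the example.

```python
import math
from collections import defaultdict

# Constructed sample resolver log (not from the article): "time client qname rcode".
SAMPLE_LOG = """\
10:00:01 10.0.0.5 intranet.example.com NOERROR
10:00:02 10.0.0.5 wqzlkpmr.org NXDOMAIN
10:00:02 10.0.0.5 ptyvnxab.net NXDOMAIN
10:00:03 10.0.0.5 kjrwmqel.com NXDOMAIN
10:00:03 10.0.0.5 zbfhxuqo.biz NXDOMAIN
10:00:04 10.0.0.5 mrlvcqjw.info NXDOMAIN
10:00:04 10.0.0.5 gxplnvtk.org NXDOMAIN
10:00:06 10.0.0.7 mail.example.com NOERROR
10:00:07 10.0.0.7 www.example.org NOERROR
10:00:08 10.0.0.7 wwww.example.org NXDOMAIN
"""

def label_entropy(label):
    """Shannon entropy (bits per character) of a label; random-looking labels score high."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse_log(text):
    """Yield (client, qname, rcode) tuples from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2].lower(), parts[3]

def flag_dga_clients(text, min_failed=5, min_nx_ratio=0.5, min_entropy=2.5):
    """Return clients whose failed lookups look like a DGA burst: many distinct
    NXDOMAIN names, a high NXDOMAIN share of all queries, high label entropy."""
    stats = defaultdict(lambda: {"total": 0, "failed": set()})
    for client, qname, rcode in parse_log(text):
        stats[client]["total"] += 1
        if rcode == "NXDOMAIN":
            stats[client]["failed"].add(qname)
    flagged = []
    for client, s in stats.items():
        failed = s["failed"]
        if len(failed) < min_failed or len(failed) / s["total"] < min_nx_ratio:
            continue
        # Score the second-level label, e.g. "wqzlkpmr" from "wqzlkpmr.org".
        avg_entropy = sum(label_entropy(q.split(".")[-2]) for q in failed) / len(failed)
        if avg_entropy >= min_entropy:
            flagged.append(client)
    return sorted(flagged)  # on SAMPLE_LOG returns ['10.0.0.5']
```

A single typo (10.0.0.7 querying wwww.example.org) is not flagged because it never reaches the minimum count of distinct failed names; only the burst from 10.0.0.5 trips all three tests.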

The worm emerged properly in 2008, when a version appeared in November, targeting a weakness in Windows Server that Microsoft had patched in October. Since then, updated versions have gone on to infect millions of machines. As well as the Windows flaw, the virus has – since the Win32/Conficker.B variant – been able to spread through network shares that have weak passwords.

The C update also added further armour to protect itself: it can kill some DNS (Domain Name System) lookups and disable AutoUpdate and some anti-virus software.

Fortunately, there are ways for anyone who gets infected to manually remove the latest version, and there are also removal tools available from Symantec and others to help users clean their systems.

“From a high-level perspective, the ‘A’ variant gave the impression [of being] a ‘test run’,” said Pierre-Marc Bureau, a researcher at Eset. “It had code that probably was not meant to be spread globally. For example, it was checking for the presence of a Ukrainian keyboard or Ukrainian IP before infecting a system.”

The first variants of the threat also sought to download and execute a file called loadav.exe, leading researchers to think the first goal was to install rogue anti-virus software, Bureau added. The file, however, was never uploaded to a Web server and thus never downloaded by Conficker.

The second version of the worm added the ability to get into network shares, scanned for targets faster than the previous version, and additionally spread through removable media such as USB sticks.

Security vendors responded by updating their defences, and the mind or minds behind the worm have continued to answer in kind.

“During the last week, 3.88 percent of our users have been attacked by Conficker, either because they accessed an infected device or by a network attack,” Bureau said. “The percentage is very high and shows that a high number of computers are presently infected and that the worm is still spreading.”

With millions of PCs infected, the situation has prompted several organisations, including Microsoft and AOL, to team up to tame Conficker by disabling domains targeted by the worm. Still, researchers are no closer to guessing the end game of the mind or minds behind it.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved