0

If you are a Windows user and have not installed the MS08-067 patch from last October, then perhaps you had better pull your finger out. Of course, it could well be too late, and you could well be one of the nine million or so users who have already fallen victim to one of the most widespread of worms to hit Windows for a long time. If you are a Linux or Mac user, of course, you can sit back and relax.

Known by various names such as Conficker, Downadup and Kido, the worm is exploiting the double-edged sword that is user slowness in applying Microsoft security patches and equal apathy in running up-to-date antivirus software.

The worm will adopt the guise of the services.exe executable, copy itself to your Windows folder as a .dll file and proceeds to modify the Registry in order to grant itself the necessary permissions to run as a service. At this point, things start turning really nasty. The malicious code will install an HTTP server on your network and even reset your Windows OS System Restore point just in case it is discovered so it can copy itself right back again.

Naturally it then goes on to start downloading various other bits of malware, but what makes Conficker a little unusual is that it is capable of generating hundreds of new and varied domain names each day. One of them will be the real host for the malware downloads, but finding it is like looking for the proverbial needle in a haystack.

Which is probably why security experts say that the bugger has infected at least nine million users so far, and the number is growing rapidly. China, Brazil, Russia and India would seem to be the worst hit countries.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

4
Contributors
3
Replies
4
Views
8 Years
Discussion Span
Last Post by EsoxLucius
0

There is a new site in place from BitDefender, with two different tools that removes downadup/conficker infections. There's a home user tool and one that is recommended for sysadmins. The second one deploys a tool for scanning and disinfection in your managed network. - http://www.downadup.org

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.