cod-E-mphasis

Conficker Worm: A new threat to computers

Posted in Technological Updates, Win32 Conficker, Worms by Arnab Guha on April 2, 2009

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in October 2008.
An early variant of the worm propagated through the Internet by exploiting a vulnerability in the network stack of Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta that was discovered earlier that month. The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.

Method of Infection:

This worm exploits the MS08-067 Microsoft Windows Server Service vulnerability in order to propagate.
Machines should be patched and rebooted to protect against this worm re-infecting the system after cleaning.
Upon detection of this worm, the system should be rebooted to clean memory correctly. More than one reboot may be required.
Scheduled tasks have been seen to be created on the system to re-activate the worm.

Autorun.inf files have been seen to be used to re-activate the worm.

Symptoms:

If your computer is infected with this worm, you may not experience any symptoms, or you may experience any of the following symptoms:

  • Account lockout policies are being tripped.
  • Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.
  • Domain controllers respond slowly to client requests.
  • The network is congested.
  • Various security-related Web sites cannot be accessed.
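
The symptoms and re-activation mechanisms listed above can be checked on a single machine with a read-only script. This is an added example, not part of the original post; the service short names, the English-language schtasks column names and the filter for tasks outside \Microsoft\ are assumptions of this example.

```powershell
# Added triage example, not from the original post. Read-only; run in an elevated
# PowerShell 3.0+ session. Findings are leads for review, not proof of infection.

# Short names of the services the post lists as being disabled.
# Assumption: ERSvc is Error Reporting on XP/2003, WerSvc on Vista and later.
$ServiceNames = 'wuauserv', 'BITS', 'WinDefend', 'ERSvc', 'WerSvc'

function Get-DisabledService {
    foreach ($name in $ServiceNames) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if ($svc -and $svc.StartMode -eq 'Disabled') {
            [pscustomobject]@{ Check = 'Service disabled'; Item = $svc.Name; Detail = $svc.DisplayName }
        }
    }
}

function Get-ReviewableTask {
    # schtasks.exe is used instead of Get-ScheduledTask so the check also works
    # before Windows 8. Column names are those of English-language Windows (assumption).
    schtasks.exe /query /fo csv /v 2>$null | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' -and $_.TaskName -notlike '\Microsoft\*' } |
        ForEach-Object {
            [pscustomobject]@{ Check = 'Scheduled task'; Item = $_.TaskName; Detail = $_.'Task To Run' }
        }
}

function Get-AutorunFile {
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $path = Join-Path $drive.Root 'autorun.inf'
        # -Force is needed because these files are normally hidden/system.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($file) {
            # Show only the lines that launch a program.
            $launch = Get-Content -LiteralPath $path -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' }
            [pscustomobject]@{ Check = 'autorun.inf'; Item = $path; Detail = ($launch -join ' | ') }
        }
    }
}

$findings = @(Get-DisabledService) + @(Get-ReviewableTask) + @(Get-AutorunFile)
if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No disabled services, non-Microsoft tasks or autorun.inf files found.' }
```

A task or autorun.inf entry in the output is only a candidate for review: legitimate software creates both, so compare each command line against what is expected on that machine.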

For more information about Win32/Conficker.b, visit the following Web pages:

3 Responses


  1. Srijit Bhar said, on May 12, 2009 at 6:18 am

    I have purchased QuickHeal AntiVirus Software, but it’s not registered in my computer. So, please help me.

    • Arnab Guha said, on May 12, 2009 at 6:38 am

      Thank you for visiting our site.
      The solution to your problem is as follows:
      1. If you have a BSNL/MTNL/Reliance landline connection, then call this toll-free number: 1800-233-3733. Please call them with the purchase bill you have.
      2. Contact NCS Computech Pvt. Ltd. (3 Commercial Building, 23 Netaji Subash Road, Kolkata-01, Ph: +91-033-22305259/22309693, Email: info@ncs.net.in, Web: http://www.ncs.net.in )
      3. If you have purchased the 2009 version of Quick Heal, please go here. Otherwise for 2008 version go here.

      If the above steps don’t solve your problem, then please email your problem to this address: support@quickheal.com

      Hope this will be helpful to you…
      Thank You..

      • SRIJIT BHAR said, on May 18, 2009 at 8:27 am

        Mr. BASANT KEDIA
        SHRADHA SHREE
        Serial Number: CH28B4J18418487060R0
        Subscription valid till: 11 April 2012.
        Activation Number: R47448D048
        Installation Number: 9221-0089-9474

        But I am Srijit Bhar and my designation is Computer Hardware Support vendor. I am facing a problem: our QuickHeal Virus Database was last updated on 29/04/2009, but it still does not have the updated version. So, I request you to please help me.

        thanking you

        Srijit Bhar.

