Author Topic: Deadline Approaches for Confiker (Downadup) Worm

Offline Eric the Red

Re: Deadline Approaches for Confiker (Downadup) Worm
« Reply #15 on: April 02, 2009, 07:15:31 PM »
The fact that April 1st passed without any appreciable incident does not mean that this threat has gone away. You can see the extent of the infection at this page; you may want to bookmark the site.
"The time to start running is around about the "e" in "Hey, you!" "

The information I provide is provided "AS IS" without warranty, and confers no rights.

Offline Paddy

Re: Deadline Approaches for Confiker (Downadup) Worm
« Reply #16 on: April 09, 2009, 10:07:49 AM »
Conficker begins stealthy update

The Conficker worm has started to update infected machines with a mystery package of data.

http://news.bbc.co.uk/1/hi/technology/7991422.stm


Paddy...
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Offline winchester73

Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Paddy

Re: Deadline Approaches for Confiker (Downadup) Worm
« Reply #18 on: April 25, 2009, 11:20:20 PM »
Gibson lets a computer get infected with Conficker - to observe its behaviour

Listen: http://www.podtrac.com/pts/redirect..../sn/SN-193.mp3
(recorded 2009.04.22)

Show notes: http://www.grc.com/sn/sn-193.htm

1) If your PC is infected, Conficker stops Windows Update from working, so if http://update.microsoft.com/microsoftupdate/ works on your machine, it probably is not infected, yet. It also stops many other types of security software from running.

2) The guy or team behind it are probably based in Ukraine, because Conficker checks to see if a PC has a Ukrainian keyboard; if it has, it doesn't run on that machine. It also checks IP numbers against a geographic IP number database, and does not attack IP numbers allocated to Ukraine.

3) It looks for removable drives (e.g. USB drives) and installs itself on these, ready to replicate itself when the drive is installed on another machine.

4) Conficker keeps "phoning home" in stealth mode to get the latest updates to itself designed to foil security patches etc.

5) It changes its file date to the same date as some Microsoft system files (kernel32) on the machine so it doesn't stick out.

6) Make sure UPnP (Universal Plug and Play) is switched off in your router; otherwise, if your machine gets infected, it will open up your router ports using UPnP.

7) Switch off print and file sharing in Windows if you don't need it. E.g. if your home network runs on wired Ethernet and you require file sharing, switch off print and file sharing for WiFi, to reduce the risk of picking up Conficker when you are using public WiFi hotspots.

8) It looks as if Conficker might turn into some sort of protection racket. The "E" variant of Conficker seems to have some anti-virus popup; it might turn into a "buy our Conficker remover" link... If it does, I don't think it would be advisable to give them a payment card number.


Paddy..
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.
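An added detection heuristic, written for this thread and not taken from the Security Now episode or from any tool it mentions, built on item 5 of Paddy's post: list the files whose modification time exactly matches that of kernel32.dll. The directory, file names and timestamps in the sample are constructed assumptions; the Windows branch at the bottom assumes `%SystemRoot%\System32`.

```python
import os
import tempfile
from pathlib import Path


def files_with_cloned_mtime(directory, reference, tolerance=0.0):
    """Return names of files under `directory` whose modification time equals
    that of `reference` (within `tolerance` seconds), excluding `reference`.
    Files shipped in the same OS build legitimately share timestamps, so hits
    are leads to verify (Authenticode signature, hash, AV scan), not verdicts."""
    ref_path = Path(reference).resolve()
    ref_mtime = ref_path.stat().st_mtime
    hits = []
    for entry in Path(directory).iterdir():
        if not entry.is_file() or entry.resolve() == ref_path:
            continue
        if abs(entry.stat().st_mtime - ref_mtime) <= tolerance:
            hits.append(entry.name)
    return sorted(hits)


def demo():
    """Constructed sample: a fake system directory with a reference DLL, a
    benign file from the same 'build', a planted file whose timestamp was
    copied from the reference, and a file with its own timestamp."""
    root = Path(tempfile.mkdtemp())
    build_time = 1_200_000_000            # constructed epoch time of the "build"
    samples = {
        "kernel32.dll": build_time,       # reference the stamp was copied from
        "ntdll.dll": build_time,          # same build, same stamp: benign hit
        "planted_sample.dll": build_time, # constructed file with cloned stamp
        "user.log": build_time + 86_400,  # different stamp: not a hit
    }
    for name, stamp in samples.items():
        path = root / name
        path.write_bytes(b"constructed sample")
        os.utime(path, (stamp, stamp))
    return files_with_cloned_mtime(root, root / "kernel32.dll")


if __name__ == "__main__":
    if os.name == "nt":   # real run: System32 checked against kernel32.dll
        sys32 = Path(os.environ["SystemRoot"]) / "System32"
        print(files_with_cloned_mtime(sys32, sys32 / "kernel32.dll"))
    else:
        print(demo())     # constructed sample on non-Windows hosts
```

The benign `ntdll.dll` hit in the sample is the point of the caveat: a matching timestamp narrows the search, and signature or hash checks decide.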