Conficker: 2009 Malware Public Enemy #1
Top 5 Global Malware Threats
- Conficker/downandup/Kido (Polymorphic)
- Vundo/Virtumonde/Virtumundo/MS Juan and Conhook (Spyware Trojan)
- Zlob/Zotob/RBot (Worm Trojan)
- IFrame.bof/MyDoom/Novarg/Shimgapi/Doomjuice (Botnet Worm)
- False AntiMalware and Potentially Unwanted Programs/Applications (PUP/PUA)
Timeline of Conficker Blog of USA Today Journalist Byron Acohido
Conficker "eye chart"
or Tell at a glance if you're infected
***Conficker A, B, and C removal tool from Symantec (FixDwndp.exe)***
(link provided for those who may not be able to access Symantec directly)
Directions for use and link to download tool @ Symantec
ALERT: Conficker Attack 1 April 2009
The major Botnet Worm, Conficker, has infected over 12 million computers globally and shows no sign of stopping. It has, however, slowed a bit in recent weeks. This behavior is a Red Flag to Anti-Malware Technicians.
Dedicated researchers have determined that Conficker holds a 1 April 2009 payload date within its programming. What this means is that something will be happening that day. The bad news is that no one knows exactly what will be happening.
Make sure your PC is FULLY patched; that includes WIN, MAC, and Linux based machines, as well as all other platforms. Even though there are no known infections of Mac systems by Conficker (Linux has been bitten, with detection noted March 2009), that does not make the risk impossible. Since Conficker travels across networks and via portable media (like custom burned CDs), as well as via p2p and through exploits in Adobe and Java (as well as Windows), everyone can be considered to be at risk. Better safe than sorry, after all. Links to relevant media reports are below.
Also Known As (*not a complete listing*):
Crypt.AVL (AVG)
Win32/Conficker.A (CA)
Trojan.Win32.Pakes.lxf (F-Secure)
Trojan.Win32.Agent.bccs (Kaspersky)
Trojan.Win32.Pakes.lxf (Kaspersky)
Trojan-Downloader.Win32.Agent.aqfw (Kaspersky)
W32/Conficker.worm (McAfee)
Trojan:Win32/Conficker!corrupt (Microsoft)
Worm:Win32/Conficker.A (Microsoft)
Worm:Win32/Conficker.B (Microsoft)
Mal/Conficker-A (Sophos)
W32.Downadup (Symantec)
W32.Downadup.B (Symantec)
WORM_DOWNAD (Trend Micro)
WORM_DOWNAD.A (Trend Micro)
Confickr (other)
TA08-297A (other)
CVE-2008-4250 (other)
VU827267 (other)
Don't Panic or Something to keep in mind with the rest of the links
Conficker Wikipedia
Conficker Blog Lavasoft (aka AdAware) 26 Mar 2009
Conficker: Real Snopes
W32/Conficker Microsoft
Protect yourself from the Conficker computer worm Microsoft
ICANN and the Conficker Cabal New York Times 18 Mar 2009
Bits: Conficker April Fool's? NY Times 19 March 2009
W32/Conficker.worm McAfee (aka Avert Industries)
Conficker Fighting Back Tech Herald Blog (with updates)
I posted the following to Wiki as a response to "how does this thing travel?"; this pretty much sums it up (direct copy and paste):
"(via) public and private networks, email attachments, and portable media. Portable media including but not limited to: USB sticks/flash drives, custom burned cd's (and I would presume DVD's as well), and floppies. Which would imply that XBOX systems may be vulnerable, but I haven't heard anything yet about that. Someone else noted that Conficker does not have an .exe file, which is technically correct, and allows for it to travel pretty much however it wants to. Once it's on a system and has a way to get off and spread it usually does. Watch out for McDonald's, hotels, and the ever popular Universities while you're at it."
UPDATE: New Conficker Variant
Conficker's 1 Apr payload was apparently for another update. There are now 5 known primary strains, with the most recent being documented 8 Apr 2009. The same advice holds true: patch your system and keep a reliable (and UPDATED) anti-malware program running. See Recommended Products (link below) for patch assistance. As an additional precaution against all malware, it is also recommended that you disable the auto-run feature.
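The auto-run precaution above can be checked on a Windows machine with the script below. It is an added example, not part of the original page; it assumes the standard Explorer policy value NoDriveTypeAutoRun, and the -Fix switch is a name chosen here for illustration.

```powershell
# Added example: audit the Explorer AutoRun policy, optionally lock it down.
# In NoDriveTypeAutoRun a set bit DISABLES AutoRun for that drive type.
param([switch]$Fix)   # illustrative switch: -Fix writes 0xFF to HKLM (run elevated)

$sub  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name = 'NoDriveTypeAutoRun'
$driveTypes = @(
    @{ Bit = 0x01; Kind = 'unknown drive type' },
    @{ Bit = 0x04; Kind = 'removable media (USB stick, floppy)' },
    @{ Bit = 0x08; Kind = 'fixed disk' },
    @{ Bit = 0x10; Kind = 'network drive' },
    @{ Bit = 0x20; Kind = 'CD/DVD drive' },
    @{ Bit = 0x40; Kind = 'RAM disk' }
)

function Get-AutoRunPolicy {
    # The machine-wide value wins when both hives carry one, so check HKLM first.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $p = Get-ItemProperty -Path "$hive\$sub" -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $p) {
            return [pscustomobject]@{ Hive = $hive; Value = [int]$p.$name }
        }
    }
}

if ($Fix) {
    # 0xFF sets every bit, which turns AutoRun off for all drive types.
    $path = "HKLM:\$sub"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $name -Value 0xFF -Type DWord
}

$policy = Get-AutoRunPolicy
if ($null -eq $policy) {
    Write-Output "$name is not set in HKLM or HKCU; the Windows default applies."
} else {
    Write-Output ('{0} = 0x{1:X2} (read from {2})' -f $name, $policy.Value, $policy.Hive)
    # Any listed drive type whose bit is clear still has AutoRun enabled.
    $enabled = @($driveTypes | Where-Object { -not ($policy.Value -band $_.Bit) })
    if ($enabled.Count -eq 0) {
        Write-Output 'AutoRun is disabled for every drive type.'
    } else {
        $enabled | ForEach-Object { Write-Output ('AutoRun still enabled: ' + $_.Kind) }
    }
}
```

Run it without arguments to report only; the removable-media and CD/DVD lines are the ones that matter for the portable-media spread described on this page.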
Conficker Worm Reveals Its Business Model PC World 9 Apr 2009
Conficker Causes Rise in Hoax Security Software PC World 9 Apr 2009
Microsoft: Hoax security software on the rise PC Advisor 8 Apr 2009
Other Malware taking advantage of vulnerabilities used by Conficker
Neeris Microsoft (aka Worm.SDBot [Trend Micro])
Storm/Fuclip/Nuwar and Waledac/Iksmas
REWARD
Microsoft has announced a US$250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker worm.
Individuals with information about the Conficker worm are encouraged to contact their international law enforcement agencies. Additionally, Microsoft has implemented an Antivirus Reward Hotline, 1-425-706-1111, and an Antivirus Reward Mailbox, avreward@microsoft.com, where tips can be shared.