Malwareaware


Monday, 11 March 2013

Spotlight On Malware: The Conficker Worm.

Posted on 15:31 by Unknown
By popular request, here is a look at the Conficker Worm. This worm is also known as Downup, Downadup, and Kido.

First, Conficker sounds like a weird name. Where did it come from, you ask? The name is thought to be a portmanteau of the English term "configure" and the German pejorative "Ficker". Conficker comes in five flavors, all of which we will talk about separately. The five flavors have been dubbed A, B, C, D, and E.

The first variant of Conficker (A) was discovered in early November of 2008. It spread through the Internet by exploiting a vulnerability in a network service (specifically MS08-067) on Windows 2000 through Server 2008. Windows 7 could have been affected, but at that time Windows 7 was in beta, and the beta was not publicly available until January 2009. Although Microsoft released an emergency patch for the vulnerability on November 23, 2008, a large number of PCs still remained unpatched as of January 2009. The final thing that Conficker A does is update itself to Conficker B, C, or D.

The second variant (B), discovered in December, added the ability to spread over LANs and through removable media. The second variant also disabled Windows AutoUpdate and blocked certain DNS lookups. The final thing that Conficker B does is update to Conficker C or D.

The third variant (C), which was discovered in early February 2009, did much the same as Conficker B did. The final thing that Conficker C did was update itself to Conficker D.

Conficker D is where things get a little more interesting. This variant was discovered in March of 2009. It did what Conficker C did; however, it also added a few extra features, such as disabling safe mode and searching for processes related to anti-malware programs and killing them at one-second intervals. The final thing that Conficker D did was download and install Conficker E.

Conficker E was discovered 3 days after Conficker D. It protected itself in the same manner as D (disabling anti-malware) and had a very interesting final payload. The final action was downloading and installing a spambot and SpyProtect 2009. Conficker E also removed itself on May 3 of 2009, leaving the copy of Conficker D still on the computer.
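As an added example (not part of the original post), the following read-only PowerShell check looks at a host for the conditions the post attributes to Conficker B and D: Windows AutoUpdate disabled, safe mode unavailable, and anti-malware processes not running. The service name, SafeBoot registry paths, and process name are standard Windows values; treating a disabled service, a missing SafeBoot subkey, or an absent process as a finding worth investigating is this script's assumption.

```powershell
# Added defender-side check; not code from the original post. Read-only: it
# changes nothing on the host, it only reports state worth a closer look.

function Test-AutoUpdateState {
    # Conficker B disabled Windows AutoUpdate. wuauserv is the Windows Update
    # service; a Disabled start type or a non-running state is reported.
    $svc = Get-Service -Name 'wuauserv' -ErrorAction SilentlyContinue
    if (-not $svc) { return 'wuauserv: service not found (check)' }
    $state = "StartType=$($svc.StartType) Status=$($svc.Status)"
    if ($svc.StartType -eq 'Disabled' -or $svc.Status -ne 'Running') {
        return "wuauserv: $state (check)"
    }
    return "wuauserv: $state (ok)"
}

function Test-SafeModeKeys {
    # Conficker D disabled safe mode. Safe mode depends on the SafeBoot key
    # tree; assumption for this check: a missing Minimal or Network subkey
    # means safe mode cannot be started normally and should be investigated.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
    foreach ($sub in 'Minimal', 'Network') {
        $path = Join-Path $base $sub
        if (Test-Path $path) {
            $count = (Get-ChildItem $path -ErrorAction SilentlyContinue | Measure-Object).Count
            "SafeBoot\$sub present ($count entries) (ok)"
        } else {
            "SafeBoot\$sub MISSING (check)"
        }
    }
}

function Get-SecurityToolProcessState {
    # Conficker D and E killed anti-malware processes every second. This only
    # reports whether the named processes are currently running. MsMpEng is
    # the Windows Defender engine process, used here as an assumed default;
    # supply the names of whatever product the host actually runs.
    param([string[]]$Names = @('MsMpEng'))
    foreach ($n in $Names) {
        $p = Get-Process -Name $n -ErrorAction SilentlyContinue
        if ($p) { "$n running (pid $($p.Id -join ',')) (ok)" }
        else    { "$n not running (check)" }
    }
}

Test-AutoUpdateState
Test-SafeModeKeys
Get-SecurityToolProcessState
```

Run it in an elevated PowerShell session so the registry and service queries are not short-circuited by permissions.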

That is it for this Spotlight On Malware blog post. Once again, this was by popular request... Now stop requesting it.