Conficker

By | 26/02/2009

About Conficker:

On October 23, 2008, Microsoft released a critical security update, MS08-067, to resolve a vulnerability in the Server service of Windows that, at the time of release, was facing targeted, limited attack. The vulnerability could allow an anonymous attacker to successfully take full control of a vulnerable system through a network-based attack, the sort of vectors typically associated with network “worms.” Since the release of MS08-067, the Microsoft Malware Protection Center (MMPC) has identified two variants of Win32/Conficker in the wild to date:

(Source: http://technet.microsoft.com/en-us/security/dd452420.aspx )


For detailed “How to remove Conficker worm” instructions, visit this post: How to Remove Conficker (On Gibni)



If you have ever heard of Microsoft (the maker of Windows and the full bundle of problems attached to it) and have already heard of Conficker, also called Downup, Downadup or Kido, I suppose that you’ve already taken steps to protect yourself and your friends from this computer worm (or virus, as some may call it!).


On February 12, 2009, Microsoft announced a U.S. $250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet. Microsoft’s reward offer stems from the company’s recognition that the Conficker worm is a criminal attack. Microsoft wants to help the authorities catch the criminals responsible for it. Residents of any country are eligible for the reward, according to the laws of that country, because Internet viruses affect the Internet community worldwide. ( http://technet.microsoft.com/en-us/security/dd452420.aspx )



According to Yahoo Tech news:

“The criminals behind the widespread Conficker worm have released a new version of the malware that could signal a major shift in the way the worm operates.

The new variant, dubbed Conficker B++, was spotted three days ago by SRI International researchers, who published details of the new code on Thursday. To the untrained eye, the new variant looks almost identical to the previous version of the worm, Conficker B. But the B++ variant uses new techniques to download software, giving its creators more flexibility in what they can do with infected machines.

The new B++ variant uses the same algorithm to look for rendezvous points, but it also gives the creators two new techniques that skip them altogether. That means that the Cabal’s most successful technique could be bypassed.”

Also known as Downadup, Conficker spreads using a variety of techniques. It exploits a dangerous Windows bug to attack computers on a local area network, and it can also spread via USB devices such as cameras or storage devices. All variants of Conficker have now infected about 10.5 million computers, according to SRI.


Here are some statistics from SRI: ( http://mtc.sri.com/Conficker/ )


Total IP Addresses: 10,512,451
Total Conficker A IPs: 4,743,658
Total Conficker B IPs: 6,767,602
Total Conficker AB IPs: 1,022,062

OS Breakdown:
WinNT=0, 2000=163395, WinXP=10189556, 2003 Srv=75361, Vista=82495, Win98=44, Win95=32, WinCE=3, Other=1565

Browser Breakdown:
IE5=26,525, IE6=7,494,466, IE7=2,988,039, FireFox=893, Opera=150, Safari=166, Netscape=12




SRI says that China is the country most infected by Conficker, followed by Brazil and Russia.

I’ve noticed that Indonesia, Thailand and India are some of the most infected countries today and people are actively searching for information about this virus/worm.

Note that more than 9 million computers have been infected worldwide to date!


One thought on “Conficker”

  1. Angela Wenke

    After reading your articles on here I spread this information to my friends and family in hopes of protecting them from this horrible worm. Your blog posts are informative and I really love how you give the straight facts, with links to your sources, plus you provide helpful information to help those who might be infected.
    Thank you
    Angie
