
Posts Tagged ‘Conficker’


Conficker spreads anew, covers tracks and begins pitching fake AntiVirus

Trend Micro virus hunter Ivan Macalintal appears to be the first researcher to identify specific, updated instructions being passed along, node-to-node, among PCs infected with Conficker Variant C.

On April 8, Macalintal isolated an infected PC in Korea that was passing the update across Conficker’s customized P2P network. The PC in Korea received the update from another node on Conficker’s P2P net. Macalintal told LastWatchdog that he also has identified similar P2P transfers taking place amongst Conficker-infected PCs in Thailand.

So the other shoe has fallen. Conficker’s controllers have begun sending malicious payloads to infected PCs. And they did not even have to get infected machines to successfully check in at …more

Conficker stops spreading as bad guys tighten grip on already-infected PCs

The Microsoft-supplied diagram (shown below) depicting how Conficker spreads is accurate, but dated, and therefore somewhat misleading.

The latest version of Conficker, Variant C, is not looking for unpatched Windows PCs to infect, according to SRI International and IBM ISS.

The bad guys appear to have infected more PCs than they can productively manage, perhaps well over 10 million, according to OpenDNS founder David Ulevitch.

Conficker C first appeared on March 5. Its singular purpose is to connect with — and install updates on — PCs previously infected with variants B and B++, says Philip Porras, program manager at SRI.

For weeks prior to the arrival of Conficker C, machines infected with B and …more

IBM ISS cracks open Conficker’s secret communications code

An IBM Internet Security Systems researcher, named Mark Yason, has cracked open Conficker’s secret communications protocol — the means by which infected PCs are using Conficker’s customized peer-to-peer, or P2P, network to stay in touch with each other.

This is a major breakthrough. Yason worked straight through a couple of sleepless nights to reverse engineer the coding designed to cloak the ongoing “random chatter” between PCs in Conficker’s custom-built P2P network, says Holly Stewart, IBM ISS threat response manager.

Last Thursday, Big Blue began adjusting intrusion-detection appliances it has in place inside 3,800 corporations in 170 countries. These are subscribers to its Managed Security Services. IBM began to scan …more

Debate over significance of Conficker phoning home on April Fools Day

Many security experts are downplaying the significance of millions of Conficker-infected PCs initiating an elaborate calling-home sequence on April 1.

Still, concerns are growing about the much firmer grip the bad guys are on the cusp of securing on the corrupted PCs, whether or not they choose to do anything with them on April Fools Day.

SecureWorks senior researcher Joe Stewart, who gave up playing bass guitar in a rock band to become an elite virus hunter, is the latest good-guy coder to downplay the significance of instructions embedded in Conficker-infected PCs to phone home April 1. On Wednesday, each PC will begin generating a list of 50,000 web addresses, …more

Consumer tips for combatting Conficker

Quick Conficker infection test

To quickly find out if your PC might be one of the millions infected by Conficker, try browsing to Microsoft.com. Next try Symantec.com. Now try McAfee.com. If you can get to these sites, you are not infected. But if your browser will not let you access any of these websites, as shown below, then you very likely are infected with Conficker.

You can also conduct a visual version of this test by using the eye-chart tool created by SecureWorks’ Joe Stewart. Click here to get the full eye-chart.

These tests key off the fact that Conficker blocks you from reaching any web address that includes Microsoft, …more

Countdown to Conficker’s April Fools Day Climax

Two schools of thought exist about what the Conficker worm will do come the wee hours of April 1, 2009, GMT.

Some experts, like WinPatrol creator Bill Pytlovany, are sensing that the worm’s controllers will run circles around the Microsoft-led “cabal” of security groups trying to block some 3 million to 12 million Conficker-infected PCs from phoning home on April Fools Day.

CLICK HERE for consumer tips on combatting Conficker.

“After a lot of research and debate I have been convinced that April 1st is not going to be a good day for the Internet,” says Pytlovany. “How Conficker will mutate is anyone’s guess. It could be anything from turning …more

The evolution of an extraordinary globe-spanning worm

Conficker timeline
2008 – 2009

CLICK HERE to see F-Secure’s comprehensive Conficker FAQ.


Aug. 20: The Gimmiv Trojan, which exploited the vulnerability Conficker capitalises on, is first spotted running in a virtual machine on a server in South Korea. Experts speculate this was a test run prior to it being released in the wild. (Source: BBC)

Sept.: Chinese malware brokers are spotted selling a $37 tool kit that allows anyone to exploit this newly discovered security hole in a component of Windows, called RPC-DCOM, which enables file and print sharing. RPC-DCOM is built into all PCs of Windows XP vintage and earlier, some 800 million machines worldwide.

Sept. 29: Gimmiv first seen in the wild infecting a PC in Hanoi, Vietnam. Over …more