Conficker virus a ticking timebomb

Experts are warning that hackers have yet to activate the payload of the Conficker virus. The worm is spreading through low-security networks, memory sticks, and PCs without current security updates. The malicious program – also known as Downadup or Kido – was first discovered in October 2008.

Although the spread of the worm appears to be levelling off, there are fears that someone could easily take control of any and all of the reported 9.5m infected PCs. Experts say users should have up-to-date anti-virus software and install Microsoft’s MS08-067 patch.

Method Of Attack

According to Microsoft, the worm works by searching for a Windows executable file called “services.exe” and then becoming part of that code. It then copies itself into the Windows system folder as a randomly named file of a type known as a “dll”. It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service. Once the worm is up and running, it creates an HTTP server, resets the machine’s System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker’s web site.

Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down. But Conficker does things differently.

The worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers’ files. On the face of it, tracing this one site is almost impossible.
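A defender does not need the algorithm to notice its side effect: an infected PC asks DNS for many different names that mostly do not exist. The sketch below is an added example, not code from Microsoft or the article; the log format, the client addresses, the two extra domain names and both thresholds (sized for this small sample) are assumptions.

```python
import re
from collections import defaultdict

# Bare all-letter name directly under a TLD, like the samples quoted in the article.
BARE_NAME = re.compile(r"^[a-z]{4,12}\.[a-z]{2,6}$")

# Constructed one-day resolver log, one lookup per line: client, name, response code.
# The first three names are the article's samples; the rest are made up.
SAMPLE_LOG = """\
10.0.0.5 mphtfrxs.net NXDOMAIN
10.0.0.5 imctaef.cc NXDOMAIN
10.0.0.5 hcweu.org NXDOMAIN
10.0.0.5 qzkvbtw.info NXDOMAIN
10.0.0.5 rdnlpxj.biz NXDOMAIN
10.0.0.5 example.com NOERROR
10.0.0.7 www.example.com NOERROR
10.0.0.9 example.com NOERROR
10.0.0.9 example.org NOERROR
10.0.0.9 exmaple.com NXDOMAIN
"""

def suspect_clients(log_text, min_failed=4, min_failed_ratio=0.75):
    """Map each client with DGA-like lookups to its sorted failed names."""
    failed, resolved = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # ignore malformed lines
        client, name, rcode = parts
        name = name.lower().rstrip(".")
        if not BARE_NAME.match(name):
            continue  # only names shaped like the article's samples
        bucket = failed if rcode == "NXDOMAIN" else resolved
        bucket[client].add(name)
    hits = {}
    for client, names in failed.items():
        total = len(names) + len(resolved[client])
        # Many distinct names, almost none of which exist: a worm probing
        # its daily list looks like this, a user's typo does not.
        if len(names) >= min_failed and len(names) / total >= min_failed_ratio:
            hits[client] = sorted(names)
    return hits

if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_LOG).items():
        print(client, "failed lookups:", ", ".join(names))
```

On real traffic, with hundreds of generated names a day, `min_failed` would be set far higher than the value used for this sample.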

Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.

Filed under: Community | Posted on January 20th, 2009 by GI Webmaster

2 Responses to “Conficker virus a ticking timebomb”

  1. A New Search Engine: Unamoo’s Objectives | IRC News Says:

    [...] Business Internet Community » Blog Archive » Conficker virus a … [...]

  2. Lee Says:

    The possibility that Conficker is gearing up for a second wave attack is kinda scary. They say that 16% of all PCs are infected, but that’s probably a rather low guess as it doesn’t include those users who have no anti-virus, or who have not recently scanned their system.

Copyright © 2010 Business Internet Community. All rights reserved.