xisto Community
Saint_Michael

Virus Alert - Conficker Worm


Well, there is another fast, up-and-coming virus on the world's computer networks, but it would seem that this virus could be a dud, or so people thought, thus the confusion with this worm. The worm has other aliases, which include Downadup and Kido, and as for the package that it delivers, it would seem to be a rather disturbing one or common attacks you chose, but it disables the following services: Windows Automatic Update, Windows Security Center, Windows Defender, and Windows Error Reporting. However, that is part one; part two is that it connects to a server to download even more stuff to infect your computer with. So how is this done, you may ask?

Well, an article from computerworld.com states that it "exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008", and even though Microsoft did make an update for this little bug, it would seem that not many people updated their computers to fix it. On top of that, Conficker uses random file extensions to make its attack, so the security team that is watching this worm says to do a full scan of everything, not a quick scan, in order to find this worm if your computer is infected. As for the security updates, Microsoft mentions that users need to install Security Update MS08-067, and as for various security software, none of the articles mention who has updated for this one, but your best bet is to head over to the websites and see what they have for this worm.

Although the infection is small, 8-10 million computers, the rate of infection is pretty fast, since it was at two million computers but it only took four days to reach the 8 million mark. So if you see that you have some Windows services disabled, especially when you go to update your computer with this security patch, you might be infected, but just make sure to keep your computers up to date to prevent your computer from getting infected.

SOURCES

http://forums.xisto.com/no_longer_exists/

https://www.yahoo.com/tech/

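Added example, not part of the original post: a Python triage helper for the symptom described above (the four services being disabled). It classifies the text printed by `sc qc <service>`; the mapping from the post's service names to `wuauserv`, `wscsvc`, `WinDefend`, `ERSvc` and `WerSvc` is an assumption added here, and the sample outputs are constructed.

```python
import re

# Services the post lists as disabled by the worm -> Windows service names
# (assumed mapping; Error Reporting is ERSvc on XP/2003, WerSvc on Vista/2008).
WATCHED = {
    "wuauserv": "Windows Automatic Update",
    "wscsvc": "Windows Security Center",
    "WinDefend": "Windows Defender",
    "ERSvc": "Windows Error Reporting",
    "WerSvc": "Windows Error Reporting",
}

START_TYPE = re.compile(r"START_TYPE\s*:\s*(\d+)\s+(\S+)")

def classify(sc_output):
    """Classify the text printed by `sc qc <name>` for one service."""
    if "FAILED 1060" in sc_output:      # service does not exist on this OS
        return "not installed"
    m = START_TYPE.search(sc_output)
    if not m:
        return "unknown"
    return "disabled" if m.group(1) == "4" else "enabled"

def triage(outputs):
    """outputs: {service name: `sc qc` text}. Returns names of disabled services."""
    return sorted({WATCHED[name] for name, text in outputs.items()
                   if name in WATCHED and classify(text) == "disabled"})

def _qc(name, code, label):
    """Build constructed `sc qc` output for the sample below."""
    return ("[SC] QueryServiceConfig SUCCESS\n\nSERVICE_NAME: %s\n"
            "        TYPE               : 20  WIN32_SHARE_PROCESS\n"
            "        START_TYPE         : %d   %s\n" % (name, code, label))

# Constructed sample: two services disabled, one healthy, one not present.
SAMPLE = {
    "wuauserv": _qc("wuauserv", 4, "DISABLED"),
    "wscsvc": _qc("wscsvc", 2, "AUTO_START"),
    "WinDefend": _qc("WinDefend", 4, "DISABLED"),
    "ERSvc": "[SC] OpenService FAILED 1060:\n\nThe specified service does not "
             "exist as an installed service.\n",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A disabled service is only a hint, as the post says ("you might be infected"); an administrator may have turned the service off on purpose.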

Most computers infected are from the commercial sector, with over 8 million PCs infected in various corporate offices all over the world as of last Friday. If I read the article on CNN correctly, no one knows what the virus does, but it IS capable of sending information back to the origin to steal passwords and blah blah blah. Pretty crazy stuff... and the best part is that I'm sure not a lot of people even know they're infected, since it's a sleeper.


I got a similar virus a while ago. It didn't allow me to use any updates for Windows, nor the Defender or the Security Center, and the funny thing is that the message that appears looks totally real, like there's actually something wrong with your computer any different from a virus, so I started to research a little bit about my symptoms and found out it was a Vundo, something like that, that works silently, and I don't know how many things it did that I didn't notice, but anyway, after the virus was gone my computer started running normally again. So those are the most dangerous ones, I think, in terms of information, because you don't notice that easily...


Most computers infected are from the commercial sector, with over 8 million PCs infected in various corporate offices all over the world as of last Friday. If I read the article on CNN correctly, no one knows what the virus does, but it IS capable of sending information back to the origin to steal passwords and blah blah blah. Pretty crazy stuff... and the best part is that I'm sure not a lot of people even know they're infected, since it's a sleeper.

Got an e-mail on all this this morning. Such a shame some people have nothing better to do than to come up with some worm or trojan to steal info or to destroy your computer. Whatever happened to the day when you didn't need to worry about all this?


Aye, although I agree with you in principle, thunder, I do take my hat off to some virus writers, as some of them are pretty advanced in the programming stakes.... Although they are all little evil pygmy people who live on the souls of sheep... :P Anyway, my 2 pence worth. Laters


Well, to toss a little update to this worm, it would seem that USB flash drives add more to the difficulty of this worm; now it goes after anything with autoplay or autorun. Which means every time you plug in a flash drive you are in line for getting your computer infected with this virus. Of course, they don't make clear whether the USB drive has to be infected in order for this virus to be installed, or whether it waits for a USB drive to be plugged in and for you to open the new options for the virus to go into effect.

Of course, once it goes into effect it would get you through that network flaw if you have not patched it yet, and thus becomes even more difficult to remove. The reason for this is that it can bypass the anti-virus scan, so it won't be picked up at all and thus you have to spend time looking for it, but if your anti-virus software does pick it up and does not remove it, F-Secure has a tool to do it for you.

So make sure your system is protected, and make sure that no one except for you and people you know handles your flash drive. Even then, I wouldn't give it to a friend, because they could pass it off to someone who could be infected.

SOURCE

https://www.yahoo.com/tech/

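Added example, not part of the original post and not a Conficker-specific signature: a Python check that reads the `autorun.inf` from a flash drive and lists the entries that would start a program, which is the autorun behaviour the post warns about. The sample file contents and names such as `tool.exe` are constructed.

```python
import re

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_entries(raw):
    """Return (key, command) pairs in autorun.inf bytes that start a program."""
    text = raw.decode("latin-1")  # total decoding: junk/padding bytes cannot raise
    in_autorun, found = False, []
    for line in re.split(r"\r\n|\r|\n", text):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive; only [autorun] matters here.
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                found.append((key.strip().lower(), value.strip()))
    return found

def verdict(raw):
    """'review' if the file would launch something, otherwise 'clean'."""
    return "review" if launch_entries(raw) else "clean"

# Constructed sample: junk padding, mixed case, a commented-out entry,
# and a second section whose entries must be ignored.
SAMPLE = (b"\xf3\x91\x00 padding ;;;\r\n"
          b"[AutoRun]\r\n"
          b"label=Backup\r\n"
          b"OPEN = tool.exe /s\r\n"
          b"shell\\open\\command=tool.exe\r\n"
          b"; open=commented.exe\r\n"
          b"[Other]\r\n"
          b"open=ignored.exe\r\n")

# Constructed sample: a drive that only sets a label and an icon.
HARMLESS = b"[autorun]\r\nlabel=Photos\r\nicon=drive.ico\r\n"

if __name__ == "__main__":
    for name, data in (("SAMPLE", SAMPLE), ("HARMLESS", HARMLESS)):
        print(name, verdict(data), launch_entries(data))
```

A "review" result means the drive asks Windows to run something, not that the file is malicious; the named executable still has to be scanned.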

Whatever happened to the days when a virus did not really hurt your computer, but just a simple message popped up saying "HA HA Your Stoned", and all you had to do was reboot or remove the file you had just downloaded? Sadly, those days are gone, my friends. :P

Whatever happened to the day when you didn't need to worry about all this?

"that day" was last April when I installed Linux... :P


LOL @ jhaslip

It's funny that our IT guy JUST disseminated this information down to the company. How is it that I know it before he does... 5 days prior?

You wonder why so many people are infected.

Read the article that SM provided... it shows you how you are tricked into running the AutoRun executable found on an infected USB stick. Look at the image closely.

As far as virus writers go, I believe that there are some that actually experiment with creating virii, but have accidents in releasing it to the public, and you know how that goes. Other virus writers with malicious intents obviously want to live the easy life and feed off of other people's finances... that's why we have so much phishing, spyware, and other malware around. And of course, there are just some sick, demented b-tards out there that find some sort of satisfaction in nuking other PCs. (I personally would find more satisfaction with utilizing a Trojan to nuke a target PC, which, in the grand scheme of things, may be a rather dumb thing to do for vengeance, but if you do much more than just messing around with windows, killing applications, or opening an optical drive, you can potentially ruin someone's day, week, or month. Now how's that for psychological warfare, considering the amount of data and consequently how much of our lives we invest on our personal computers?)

Agreement goes with websey... some of these guys have talent, but at the same time, they're wasting that talent with malware when they could be putting that skill to good use working with anti-virus companies, software security, etc.


I've been warning folks I know about this one. To be honest, it is a worm that infects the foolish (mostly). A computer in Sheffield city in the UK had 10% (800) of its computers infected after managers turned off auto updates because of the forced reboot; it rebooted information computers in the operating theatres (non-critical ones, just ones that show info), so they turned off the update... 800 PCs infected because a manager made a foolish decision in the absence of the IT guys...

Just keep firewalls up, clean flash drives, don't auto-run, and update, and you're good.

And Linux isn't safe either; it's speculated that the worm could work under WINE if launched (though presumably to do so you would need to launch it yourself... I don't know).


I thought I'd pass along another Conficker worm update, and it seems that the designers of this worm had some special means to design this worm, since the worm has affected countries known to be big piracy countries such as China and parts of Latin and South America.

Huger said the worm's designer has written special code that operates a certain way on Chinese and Brazilian networks, meaning those two countries may have been targeted by the attackers.
Nobody knows for sure why Asia and Latin America were so hard hit, but Huger and Porras both said countries with large amounts of pirated software were more likely to be affected. "I think that piracy plays a role, though I don't know if it's the key contributor," Huger said.


I doubt that they are doing this out of the kindness of their hearts, though, but odds are they have some good info on those locations, or rather they live in either or. However, what is interesting is that the new version is now going after Ukraine-based computers, unlike the other version, and on top of that North America and parts of Europe are not as heavily affected as everyone else. Which is surprising to me, but hey, you got the resources and the money, then the quick response to protect your computers is a sure thing.

On top of that, it now seems Conficker is installing Antivirus XP, a very popular rogue program that tricks people into believing that it is an anti-virus program and that in order to get full protection you need to purchase the full version. However, the big package has yet to be delivered, and many security experts believe this one has a payload to it, but right now they are still figuring out what it is. They do believe it could be a giant botnet or could be sold off, but they are not sure of that as of yet, as the infected computers are going through hundreds of different websites waiting for further instructions.

As for the USB infection, this article finally makes it clear how, or rather how the worm spreads through USB flash drives, and that it only happens when the computer is infected. Which means that this worm works by also seeing if there are any memory devices connected to the computer and then works its magic.

SOURCE

https://www.yahoo.com/tech/


I thought I'd pass along some more information about what Conficker does, as the details of this worm are slowly being found. The first part is that Conficker contacts at least 250 domains a day to get issued commands, so odds are infected websites are part of that contact, and in some cases newly created ones as well. However, it would seem that the algorithm has been cracked by F-Secure and Kaspersky, so they have a good idea which of those 250 domains will be contacted. On top of that, F-Secure has provided a list of domains for network admins to use to start blocking these sites from being contacted.

So if those domains are not contacted, then Conficker just becomes a dead worm with nowhere to go but to sit idly by and maybe wait for a new website to be added. Because of that, this list will always get updates as new domains are added each day or each week, so make sure to check this list weekly if you're a network admin. It also seems OpenDNS is doing a similar move, so if you have an account with them already then you have at least one layer of protection, but if you're not, it is highly suggested, especially if you're a small or medium business.

 

SOURCE

 

http://www.pcworld.com/article/159126/opendnsconficker.html

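Added example, not part of the original post and not F-Secure's or OpenDNS's code: besides blocking the listed domains, a network admin can search resolver logs for machines that keep asking for them, since a host working through a daily list of names stands out from one that made a single stray query. The log format, the `threshold` parameter and the blocklist entries are constructed placeholders, not real Conficker domains.

```python
from collections import defaultdict

# Constructed placeholder entries standing in for the published domain list.
BLOCKLIST = {"aaaaexample.test", "bbbbexample.test", "ccccexample.test"}

# Constructed resolver log: "<timestamp> <client-ip> <queried-name>"
SAMPLE_LOG = """\
2009-02-20T08:00:01 10.0.0.15 www.example.org.
2009-02-20T08:00:02 10.0.0.23 AAAAexample.test.
2009-02-20T08:00:05 10.0.0.23 bbbbexample.test
2009-02-20T08:00:09 10.0.0.23 www.ccccexample.test
2009-02-20T08:01:10 10.0.0.15 notaaaaexample.test
2009-02-20T08:02:00 10.0.0.42 bbbbexample.test
malformed line
"""

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def on_blocklist(name, blocklist):
    """True if name is a listed domain or a subdomain of one.

    Matching is done on whole labels, so 'notaaaaexample.test' does not
    match the entry 'aaaaexample.test'.
    """
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def suspicious_clients(log_text, blocklist, threshold=2):
    """Map client IP -> sorted listed names it queried, keeping only clients
    that asked for at least `threshold` distinct listed names."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip malformed lines instead of failing
            continue
        _, client, name = parts
        if on_blocklist(name, blocklist):
            hits[client].add(normalize(name))
    return {c: sorted(n) for c, n in hits.items() if len(n) >= threshold}

if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_LOG, BLOCKLIST).items():
        print(client, names)
```

Because the list changes, as the post notes, reload `BLOCKLIST` from the current published list before each run.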
No perfect security!

I run Linux only in my business and home environments.

I run a four-port firewall that... Well, I won't go into that. I will say if it runs on Windows, Wine, Linux Emu or whatever, but not in the native Linux/Unix environment, then we are OK here.

There is one fact that should be noted by Linux users. Nothing is completely immune from everything. A server at the ISP I used to own/run had a rootkit on it. The guy is in jail now, but that's another story. The server was Linux, so there you are.

-reply by Pete G

 

Um, what?

Replying to shadowx

So, it's "speculated it could run under WINE" means "Linux isn't safe"?

So, you'd have to run WINE (while root, and not sandboxed), knowingly activate the virus, and then leave WINE running (while still root, and still not sandboxed) to be affected.

Or, at least that's the "speculation".

And this makes sense to you? A hypothetical scenario in which you have to ACTIVELY seek to become infected, then CHOOSE to remain infected instead of simply closing WINE, and you think this means "Linux isn't safe"?

How much is Microsoft paying you to Astroturf for them?

God, you people make my brain hurt.

-reply by Steve
