Conficker

Conficker (also known by the names Downup, Downandup and Kido and Mad Dicks in the Air Nigga) is a computer worm that surfaced in October 2008.^[1] It targets Windows and is mostly found on Windows XP machines. Microsoft released a patch to stop the worm October 15, 2008.^[2] Heinz Heise estimated conservatively that it had infected 2.5 million PCs by January 15, 2009,^[3] while The Guardian mentioned an estimated 3.5 million infected PCs.^[4] By January 16, 2009 it infected almost 9 million PCs,^[5] making it one of the most widespread infections in recent times.^[6]

Operation

When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender, and Windows Error Reporting. It then connects to a server (believed to be in Ukraine^[6]), where it receives further orders to propagate, gather personal information, and downloads and installs additional malware onto the victim computer.^[7] The worm also attaches itself to certain critical Windows processes such as svchost.exe, explorer.exe and services.exe.^[8]

Microsoft

Microsoft Corporation says the worm exploits a known bug in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.^[9]

References

^ "Three million hit by Windows worm". BBC News Online. BBC. 2009-01-16. Retrieved 2009-01-16.
^ "Microsoft Security Bulletin MS08-067". 2008-10-23. Retrieved 2009-01-19.
^ "Report: 2.5 million PCs infected with Conficker worm". heise online. 2009-01-15. Retrieved 2009-01-16.
^ Schofield, Jack (2009-01-15). "Downadup worm threatens Windows". guardian.co.uk. Guardian News and Media. Retrieved 2009-01-16.
^ Sean (2009-01-16). "Preemptive Blocklist and More Downadup Numbers". F-Secure. Retrieved 2009-01-16.
^ ^a ^b "Downadup virus exposes millions of PCs to hijack". CNN. January 16, 2009. Retrieved 2009-01-18. {{cite news}}: |first= missing |last= (help)
^ "Conficker Worm Attack Getting Worse: Here's How to Protect Yourself". PC World. Jan 17, 2009. Retrieved 2009-01-18. {{cite web}}: |first= missing |last= (help)
^ "F-Secure Malware Information Pages". F-secure. Retrieved 2009-01-18.
^ "Worst virus in years infects 6.5 mn computers". CNN-IBN. 1/18/2009. Retrieved 2009-01-18. {{cite news}}: Check date values in: |date= (help)

[1] "Three million hit by Windows worm". BBC News Online. BBC. 2009-01-16. Retrieved 2009-01-16.

[2] "Microsoft Security Bulletin MS08-067". 2008-10-23. Retrieved 2009-01-19.

[3] "Report: 2.5 million PCs infected with Conficker worm". heise online. 2009-01-15. Retrieved 2009-01-16.

[4] Schofield, Jack (2009-01-15). "Downadup worm threatens Windows". guardian.co.uk. Guardian News and Media. Retrieved 2009-01-16.

[5] Sean (2009-01-16). "Preemptive Blocklist and More Downadup Numbers". F-Secure. Retrieved 2009-01-16.

[Downadup_virus_exposes_millions_of_PCs_to_hijack-6] "Downadup virus exposes millions of PCs to hijack". CNN. January 16, 2009. Retrieved 2009-01-18. {{cite news}}: |first= missing |last= (help)

[Conficker_Worm_Attack_Getting_Worse:_Here's_How_to_Protect_Yourself-7] "Conficker Worm Attack Getting Worse: Here's How to Protect Yourself". PC World. Jan 17, 2009. Retrieved 2009-01-18. {{cite web}}: |first= missing |last= (help)

[F-Secure_Malware_Information_Pages-8] "F-Secure Malware Information Pages". F-secure. Retrieved 2009-01-18.

[Worst_virus_in_years_infects_6.5_mn_computers-9] "Worst virus in years infects 6.5 mn computers". CNN-IBN. 1/18/2009. Retrieved 2009-01-18. {{cite news}}: Check date values in: |date= (help)

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

Operation

Microsoft

See also

References