Conficker worm - real or hype?


Kromulok

Hello all,

Just curious if there is any truth to some of the hype regarding the April Fools' Day Conficker worm, and curious if Malwarebytes has any updated definitions to deal with the threat if it is in fact real.

Just thought I would start a discussion on this to see what's up.


This is a very real threat. Not sure if MBAM can do much but design some heuristics to try and detect the new variant. No one knows what the new variant will look like or do YET. In the meantime, get your system patched and updated through Windows Update.


Hopefully this is hype :). I hope MBAM can destroy it.

Bill Pytlovany of WinPatrol's experience

Wednesday, April 01, 2009

Conficker Activity on April Fools Day

Everyone has been talking about the Conficker worm and predicting what will happen on April Fools Day. As a security researcher I have left one honeypot system infected with Conficker.c to see what would happen.

Just after midnight, my Windows desktop wallpaper was drastically changed. No other changes were detected yet. I really feel violated.

http://billpstudios.blogspot.com/2009/03/c...-fools-day.html

I read briefly, a few weeks ago, that they didn't expect it to be so big as originally feared because ISPs were able to somewhat block the spread with special real-time detection software for the behavior of data travelling through their system.

Apparently, they did well.


  • Staff

I turned off the Server service long ago (and do every time I install Windows) as well as disabled the default admin shares, so I'm immune from any variants I've seen so far. I'm not on a network either, and all my flash drives use a custom autorun.inf file, so if it got infected and overwritten by Conficker, I'd know it. Of course, my OS is fully patched as well.


I turned off the Server service long ago (and do every time I install Windows) as well as disabled the default admin shares, so I'm immune from any variants I've seen so far. I'm not on a network either, and all my flash drives use a custom autorun.inf file, so if it got infected and overwritten by Conficker, I'd know it. Of course, my OS is fully patched as well.

Excuse me but what exactly does the server service do? Will it affect internet connection?


There's been plenty of media "buzz" about this malware and more than a fair share of scares.

The latest variants of Conficker are bringing along some other rootkits to add to the mess.

But, as a PC owner, PC user, your job 1 is to make sure your system is protected!

Make sure to have applied the KB958644 Security Update, which Microsoft released last October 2008!

If you bring up Add or Remove Programs, make sure it shows all updates. Do you see an entry

Security Update for Windows (KB958644)?

If it is listed, the fix takes care of the vulnerability that Conficker depends on.

If you do not have this fix, do this immediately:

You may get the fix by clicking the link for your Windows version at this MS webpage

http://www.microsoft.com/technet/security/...n/MS08-067.mspx

or by making a direct visit to Windows Update

http://update.microsoft.com

For a quick visual test to see if your system is vulnerable to Conficker, visit this page at the Conficker Working Group

http://www.confickerworkinggroup.org/infec...cfeyechart.html

and also this page at the University of Bonn

http://iv.cs.uni-bonn.de/fileadmin/user_up...ner/cfdetector/

Then, as always, keep your antivirus and anti-malware and security apps up-to-date.

Practice safe computing.

Always keep up with Windows Updates.


  • Staff

The most enlightening thing about all this Conficker nonsense is that 99% of the news is all about detailed analysis, not widespread infection, of which to date, there has not been by any stretch.


Honestly... doesn't every infection out there really have the potential to do what Conficker does? Also, doesn't every worm already traverse the internet the same way? I mean, exploiting unpatched systems that are hooked straight into the internet, etc.?

Where's the news exactly? You know?


  • Staff
Excuse me but what exactly does the server service do? Will it affect internet connection?

Nope, it's used for sharing files, folders, and printers over a network, which I don't do since I use a standalone PC, so it is unneeded for me.

Honestly... doesn't every infection out there really have the potential to do what Conficker does? Also, doesn't every worm already traverse the internet the same way? I mean, exploiting unpatched systems that are hooked straight into the internet, etc.?

Where's the news exactly? You know?

The danger in Conficker is the rate at which it propagates, the fact that it can crack network passwords, and has multiple attack vectors (i.e. networks, flash drives as well as the net). Its multitiered nature is what makes it so risky.


  • 2 weeks later...
  • Staff

Yes, I thought so too. But with the estimated revenues being drawn from spam distribution and identity theft it does make a lot of sense. Just consider the most common targets of MBAM: Rogues and Trojans, both are designed to steal cash or scam cash out of infected users. It's a big money market in an otherwise hurting economy.


  • 5 weeks later...

I was just reading through this thread and I just wanted to ask you exactly what you mean by this?

I'd like to be able to do it to my computer if possible.

;)

I turned off the Server service long ago (and do every time I install Windows) as well as disabled the default admin shares, so I'm immune from any variants I've seen so far. I'm not on a network either, and all my flash drives use a custom autorun.inf file, so if it got infected and overwritten by Conficker, I'd know it. Of course, my OS is fully patched as well.
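
Added example, not part of any post in this thread: a read-only PowerShell audit of the settings the posts above mention (the KB958644 update, the Server service, the default admin shares, and autorun.inf on flash drives). The function name is made up for illustration, and the AutoShareWks/AutoShareServer registry values are an assumption about how the admin shares were disabled, since the thread does not say.

```powershell
# Added example: read-only audit of the mitigations discussed in this thread.
# Run from an elevated PowerShell prompt. Test-ConfickerHardening is a made-up name.
function Test-ConfickerHardening {
    $report = [ordered]@{}

    # MS08-067 fix. Get-HotFix only lists updates recorded individually, so a
    # service pack or rollup that supersedes KB958644 will not show up here.
    $kb = Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue
    $report['KB958644 listed'] = [bool]$kb

    # Server service (service name LanmanServer): file, folder and printer sharing.
    $svc = Get-CimInstance Win32_Service -Filter "Name='LanmanServer'"
    $report['Server service'] = if ($svc) { "$($svc.State), start mode $($svc.StartMode)" } else { 'not present' }

    # Default admin shares stay disabled across reboots only when these values
    # are 0 (assumption: the standard AutoShareWks/AutoShareServer settings).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $params = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'AutoShareWks', 'AutoShareServer') {
        $value = if ($params) { $params.$name } else { $null }
        $report[$name] = if ($null -eq $value) { 'not set (shares enabled by default)' } else { $value }
    }

    # Admin shares currently published (empty when the Server service is stopped).
    $shares = Get-CimInstance Win32_Share -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^(ADMIN|[A-Z])\$$' }
    $report['Admin shares published'] = ($shares.Name -join ', ')

    # autorun.inf on removable drives: record a hash so a later overwrite is visible.
    $removable = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2'
    foreach ($disk in $removable) {
        $path = Join-Path "$($disk.DeviceID)\" 'autorun.inf'
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $report["$path SHA256"] = if ($file) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { 'no autorun.inf' }
    }

    [pscustomobject]$report
}

Test-ConfickerHardening | Format-List
```

Saving the output once and comparing it on later runs shows whether a flash drive's autorun.inf hash has changed or an admin share has reappeared.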