Conficker
Conficker spreads anew, covers tracks and begins pitching fake AntiVirus
April 10, 2009
Trend Micro virus hunter Ivan Macalintal appears to be the first researcher to identify specific, updated instructions being passed along, node-to-node, among PCs infected with Conficker Variant C.
On April 8, Macalintal isolated an infected PC in Korea that was passing the update across Conficker’s customized P2P network. The PC in Korea received the update from another node on Conficker’s P2P net. Macalintal told LastWatchdog that he also has identified …More
Conficker stops spreading as bad guys tighten grip on already-infected PCs
April 2, 2009
The Microsoft-supplied diagram (shown below) depicting how Conficker spreads is accurate, but dated, and therefore somewhat misleading.
The lastest version of Conficker, Variant C, is not looking for unpatched Windows PCs to infect, according to SRI International and IBM ISS.
The bad guys appear to have infected more PCs than they can productively manage, perhaps well over 10 million, according to OpenDNS founder David Ulevitch.
Conficker C first appeared on March 5. It’ s …More
IBM ISS cracks open Conficker’s secret communications code
March 31, 2009
An IBM Internet Security Systems researcher, named Mark Yason, has cracked open Conficker’s secret communications protocol — the means by which infected PCs are using Conficker’s customized peer-to-peer, or P2P, network to stay in touch with each other.
This is a major breakthrough. Yason worked straight through a couple of sleepless nights to reverse engineer the coding designed to cloak the ongoing “random chatter” between PCs in Conficker’s custom-built P2P …More
Debate over significance of Conficker phoning home on April Fools Day
March 28, 2009
Many security experts are downplaying the significance of millions of Conficker-infected PCs initiating an elaborate calling home sequence on April 1.
Still, concerns are growing about the much firmer grip the bad guys are on the cusp of securing on the corrupted PCs, whether or not they choose to do anything with them on April Fools Day.
SecureWorks senior researcher Joe Stewart, who gave up playing bass guitar in a rock band …More
Consumer tips for combatting Conficker
March 25, 2009
Quicky Conficker infection test
To quickly find out if your PC might be one of the millions infected by Conficker, try clicking to Microsoft.com. Next try Symantec.com. Now try McAfee.com. If you can get to these sites, you are not infected. But if your browser will not let you access any of these websites, as shown below, then you very likely are infected with Conficker.
You can also conduct a visual version of this text by using this eye-chart …More
Countdown to Conficker’s April Fools Day Climax
March 25, 2009
Two schools of thought exist about what the Conficker worm will do come the wee hours of April 1, 2009, GMT.
Some experts, like WinPatrol creator Bill Pytlovany, are sensing that the worm’s controllers will run circles around the Microsoft-led “cabal” of security groups trying to block some 3 million to 12 million Conficker-infected PCs from phoning home on April Fools Day.
CLICK HERE for consumer tips on combatting …More
The evolution of an extraordinary globe-spanning worm
March 25, 2009
Conficker timeline
2008 – 2009
CLICK HERE to see F-Secure’s comprehensive Conficker FAQ.
2008
Aug. 20: The Gimmiv Trojan, which exploited the vulnerability Conficker capitalises on, is first spotted running in a virtual machine on a server in South Korea. Experts speculate this was a a test run prior to it being released in the wild. (Source: BBC)
Sept. Chinese malware brokers are spotted selling a $37 tool kit that allows anyone to exploit this newly-discovered security hole in a component of …More