
Conficker

Posted: January 27, 2009

Threat Metric

Threat Level: 9/10
Infected PCs: 59
First Seen: July 24, 2009
Last Seen: July 11, 2020
OS(es) Affected: Windows

Conficker is a worm that gained its greatest notoriety during the year of its appearance, 2008, but which has spread sufficiently to warrant warning PC users even as of 2014. Even taking its age into account, Conficker has sophisticated means of distribution, which may include brute-force attacks against password-protected networks as well as the exploitation of general software vulnerabilities. Conficker-afflicted PCs are linked to a botnet that may distribute spam or launch other threatening activities, and victims may be unable to access critical security features. Malware researchers recommend using updated and proven anti-malware tools for removing Conficker, because the worm is often patched to stay ahead of threat database updates.

Conficker: the Worm of Seven Years Long that Still is Going Strong

Although Conficker is a worm of many names, including Downup, Kido and Downadup, Conficker is a worm that has had a consistent focus on enabling illegal botnets by compromising large numbers of PCs. Variants of Conficker, such as Conficker.A or Conficker.B, may use different mechanisms to infect new PCs, and new variants of Conficker periodically are discovered, even in recent years. Conficker's basic strategies for distribution include:

  • Distributing copies of itself to local network-connected computers. Password-protected networks may be 'hacked' by Conficker attempting to use dictionary attacks that guess weak passwords.
  • Exploiting vulnerabilities on outdated Windows XP, 2000 and Server 2003 operating systems. Patched operating systems are protected from this attack, and the worm has since deactivated it in favor of alternate infection techniques.

Some variants of Conficker worms also are installed on already-infected PCs, and are intended to be 'updates' to old variants of Conficker. The outdated worm may download this update automatically along with multiple forms of additional threats.

The use of secondary equipment such as USB thumb drives should also be monitored to prevent Conficker or related PC threats from compromising these devices. A standard infiltration technique could allow any PC sharing these devices to be infected as soon as the device is inserted.

Keeping Your PC from Being Conned by a Conficker Worm

Since Conficker's major payloads are related to botnet activities, the bulk of its attacks take place 'behind the scenes.' However, Conficker infections sometimes cause various symptoms, particularly ones that are related to blocking its deletion. As of malware researchers' last acquired samples, these symptoms may include the reset of Windows account policies, blocked Windows accounts, the automatic disabling of basic Windows features (such as Windows Update or Windows Defender), slow server response times, unusually high network activity and browser hijacks that block your access to some security websites.
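The password guessing against network-connected machines and the blocked-account symptom described above both show up in failed-logon and lockout events, so the following added example (not part of the original article) flags any source host that fails logons against several accounts within a short window. The simplified log format, host names, account names and thresholds are assumptions made for this illustration; 4625 and 4740 are the Windows Security event IDs for a failed logon and an account lockout.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, LOCKOUT = 4625, 4740  # Windows Security event IDs

# Constructed sample (not real logs). Assumed simplified export format:
# ISO time, event ID, source host, target account.
SAMPLE = """\
2009-01-27T10:00:01 4625 WS-017 admin
2009-01-27T10:00:02 4625 WS-017 alice
2009-01-27T10:00:03 4625 WS-017 bob
2009-01-27T10:00:04 4625 WS-017 admin
2009-01-27T10:00:05 4625 WS-017 alice
2009-01-27T10:00:06 4740 WS-017 admin
2009-01-27T09:00:00 4625 WS-101 dave
2009-01-27T10:30:00 4625 WS-101 dave
"""

def parse_events(text):
    """Parse 'time event-id source-host account' lines into tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[1].isdigit():
            continue  # skip blank or malformed lines
        events.append((datetime.fromisoformat(parts[0]), int(parts[1]), parts[2], parts[3]))
    return events

def find_guessing_sources(events, window=timedelta(minutes=5), min_failures=5, min_accounts=3):
    """Flag hosts whose failed logons inside one sliding window meet both thresholds."""
    failures, lockouts = defaultdict(list), defaultdict(set)
    for when, event_id, source, account in sorted(events):
        if event_id == FAILED_LOGON:
            failures[source].append((when, account))
        elif event_id == LOCKOUT:
            lockouts[source].add(account)
    flagged = {}
    for source, rows in failures.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # drop failures that fell out of the window
            accounts = {acct for _, acct in rows[start:end + 1]}
            if end - start + 1 >= min_failures and len(accounts) >= min_accounts:
                flagged[source] = {"accounts": sorted(accounts),
                                   "locked": sorted(lockouts[source])}
                break
    return flagged
```

Requiring several distinct accounts keeps a single user who mistypes a password (WS-101 in the sample) from being flagged.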

Conficker is a good case study of an old threat that has seen regular updates from committed and highly-skilled criminal programmers in order to remain relevant to the landscape of modern computing. Some of the last known variants of Conficker worms even have been used to install fake anti-spyware programs and spambots. Although deleting Conficker is nothing less than extremely urgent for keeping your computer safe, malware researchers recommend leaving that task to appropriate PC security products that are able to detect all copies of Conficker and any related threat.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: malware.exe
Size: 188.88 KB (188886 bytes)
MD5: 38c3d2efdd47b1034b1624490ce1f3f2
Detection count: 50
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

File name: malware.exe
Size: 110.59 KB (110592 bytes)
MD5: 09edf06953b56ee6a8cb6823cb3b2996
Detection count: 34
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

File name: vhoinp.dll
Size: 89.08 KB (89088 bytes)
MD5: e80c7cb77020f9326e15b3a0fb298045
Detection count: 29
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009


One Comment

  • Jim w says:

    My computer will not allow me to log into Windows; it logs back off as soon as you log in. Can you give me any help, please? Thank you.
