21 May 2009
Die Hard with a Vengeance: Conficker Lives On
Even though the media isn't currently focusing its headlines on the Conficker menace, it doesn't necessarily mean that the threat has died down. Instead, variants of the superworm are as strong as ever, infecting a total of 50,000 new PCs daily.
According to reports from the Symantec Threat Intelligence Team, India, Brazil, and the U.S. are currently serving as the main stomping grounds for the worm. Symantec has even made a color-coded map demonstrating the spread of the malware, which can be found on Symantec's official site.
Conficker, also known as Downadup, infects a Windows system either by exploiting the weak password security of the OS to spread across shared networks or by taking advantage of systems unprotected against the MS08-067 vulnerability patched by Microsoft only last month. Infected removable media like USB sticks can also be used to spread the worm.
The worm has infected millions of systems since April Fools' Day this year, which was when it changed the method it used to link up to pre-programmed servers in order to search for updates. Nothing happened save for the sensationalist media coverage on the date itself, but on April 9, some infected systems started to download extra items of malicious code through the P2P update functionality built into the latest versions of the worm. The updated components also had copies of the Waledac Trojan, which is a botnet program used to spread spam e-mails.
The Conficker worm works best through buffer overflow vulnerabilities found in the Server Service of Windows machines. The malware uses a specially crafted RPC request to run code on the target PC. While it's operating on a computer, Conficker stops a number of system services such as Windows Error Reporting, Windows Defender, Windows Security Center, and Windows Automatic Update.
The worm then obtains further instructions by connecting to the Internet and getting a binary update. Instructions may range from gathering personal data, to downloading and installing additional malware onto the victim's computer, to propagating itself to other computers. The worm also attaches itself to certain Windows processes such as services.exe, explorer.exe, and svchost.exe.
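A defender can turn the list of stopped services above into a quick triage check. The following is an added example, not part of the original article: it parses `sc query state= all` style output and flags a host when several of the protective services the article names are not running. The sample output is constructed, and the threshold of two and the function names are assumptions made for illustration.

```python
import re

# Short names of the services the article lists. ERSvc is Error Reporting on
# Windows XP/2003; WerSvc fills the same role on Vista and later.
WATCHED = {
    "wuauserv": "Windows Automatic Update",
    "wscsvc": "Windows Security Center",
    "windefend": "Windows Defender",
    "ersvc": "Windows Error Reporting",
    "wersvc": "Windows Error Reporting",
}

# Constructed sample in the layout of `sc query state= all`, trimmed to the
# SERVICE_NAME and STATE lines the parser uses.
SAMPLE = """\
SERVICE_NAME: Dhcp
        STATE              : 4  RUNNING
SERVICE_NAME: ERSvc
        STATE              : 1  STOPPED
SERVICE_NAME: WinDefend
        STATE              : 4  RUNNING
SERVICE_NAME: wscsvc
        STATE              : 1  STOPPED
SERVICE_NAME: wuauserv
        STATE              : 1  STOPPED
"""

def parse_sc_query(text):
    """Map lower-cased service name -> state word (RUNNING, STOPPED, ...)."""
    states, current = {}, None
    for line in text.splitlines():
        name = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        state = re.match(r"\s*STATE\s*:\s*\d+\s+(\w+)", line)
        if name:
            current = name.group(1).lower()
        elif state and current:
            states[current] = state.group(1).upper()
    return states

def assess(text, threshold=2):
    """Return (watched services not running, flag); threshold is an assumed cut-off."""
    states = parse_sc_query(text)
    down = sorted({WATCHED[n] for n, s in states.items()
                   if n in WATCHED and s != "RUNNING"})
    return down, len(down) >= threshold

if __name__ == "__main__":
    down, flagged = assess(SAMPLE)
    print("not running:", down, "| investigate:", flagged)
```

A service that is absent from the output is not counted, and a single stopped service can have an ordinary cause, which is why the check looks for several at once.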
Regardless of these new developments, there have been no new reports of Conficker-infected PCs running DoS (denial of service) attacks or sending spam. The overall number of Conficker infections is constantly changing because of continuous clean-up efforts by anti-virus and anti-malware companies, so even if 50,000 machines are getting victimized each day, the overall population of infected computers is probably in a lasting decline.