Information about Conficker

Saturday, April 11th, 2009

Here’s an illustration of how the Conficker worm works

Conficker is a collection of related malware strains typically described as a worm due to its ability to self-propagate through a network.  In other words, in contrast to a typical virus, Conficker does not necessarily need a user to do anything such as click on an infected file to compromise a system.  There are currently three known variants of Conficker (also called Downadup by some anti-malware vendors) and each of them can propagate through a number of mechanisms, the most common is by exploiting a vulnerability in Microsoft Windows.  This vulnerability can be fixed by applying a patch from Microsoft that was released last November (link below).

On April 1st, the Conficker C variants will begin utilizing a new domain name-generating algorithm that utilizes a much larger set of potential domain names than the previous variants to attempt to stay in contact with its command and control channel.  That is all that the drones are programmed to do.  It is important to note that the authors could also do this today via the P2P capability so there is no real significance to the April 1st date other than the activation of the new domain name generating algorithm.

Windows Update
http://windowsupdate.microsoft.com

Free Anti-Virus Online Scan
http://onecare.live.com/site/en-us/default.htm

Free Anti-Virus Software
Http://free.avg.com