Security patch for conficker worm




















The complexity of its code and its adeptness at propagation intrigued security experts. When activated, Conficker replicates itself to system folders as a DLL file with a random name. It then modifies the Windows registry such that the svchost. The worm, which is also known as Downadup and Kido, has five variants with different defense mechanisms against security tools and user intervention.

These mechanisms include blocking DNS lookups, disabling Safe Mode, deleting System Restore points and forcing installed security software to terminate. One known variant, Conficker.E, may download and install other malware, such as the Waledac spambot and SpyProtect scareware. Conficker is programmed to contact its creators over the Internet via a number of pseudorandom URLs, which change on a daily basis in order to conceal its activity from cybersecurity professionals.

If installed, these updates would help the worm circumvent new security enhancements that are meant to stop it. The worm may spread by taking advantage of a vulnerability in the Microsoft Server service that allows remote code execution. Computers and servers without the security patch MS are susceptible to attacks. If an infected computer is part of a local network, Conficker can perform brute-force attacks on other connected computers or hosts to obtain administrator passwords, gain unauthorized access and make copies of itself in system folders of those computers.

Another way Conficker propagates is through USB drives and other removable media. The worm modifies a file in the removable drive that adds another option to the AutoPlay dialog box. Choosing this option or trigger executes the worm, further spreading the infection.
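The following defender-side check is an added example, not code from the original page: it audits the contents of a removable drive's `autorun.inf` for entries that attach a run command to an AutoPlay option, as described above. The keys `open`, `shellexecute`, `action` and `shell\...\command` are standard `autorun.inf` keys; the suspicious-target heuristic, the function names and both sample files are assumptions constructed for illustration.

```python
import re

# [autorun] keys that make Windows run something from the drive.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")
# Heuristic (assumption): launchers and extensions that deserve review in a run target.
SUSPICIOUS = re.compile(r"rundll32|\.dll\b|\.scr\b|\.vbs\b|cmd(\.exe)?\s", re.I)

def parse_autorun(raw: bytes) -> dict:
    """Extract key=value pairs from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    # latin-1 never fails to decode, so binary padding cannot abort the parse.
    for line in re.split(r"[\r\n]+", raw.decode("latin-1")):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        m = re.match(r"^([A-Za-z\\ ]+?)\s*=\s*(.+)$", line)
        if in_section and m:
            entries[m.group(1).strip().lower()] = m.group(2).strip()
    return entries

def audit_autorun(raw: bytes) -> list:
    """Return human-readable findings; an empty list means nothing runs."""
    findings = []
    entries = parse_autorun(raw)
    for key, value in entries.items():
        runs = key in EXEC_KEYS or SHELL_CMD.match(key)
        if runs and SUSPICIOUS.search(value):
            findings.append(f"{key} runs suspicious target: {value}")
        elif runs:
            findings.append(f"{key} runs a program: {value}")
    # An 'action' label next to a run key is the extra AutoPlay dialog option.
    if "action" in entries and any(k in EXEC_KEYS for k in entries):
        findings.append(f"AutoPlay option '{entries['action']}' is tied to a run command")
    return findings

# Constructed sample: junk bytes between lines, a label and a DLL launcher.
SAMPLE_SUSPECT = (b"\x8f\xa1\x03q9\xfe\r\n[AutoRun]\r\n\xd2\x11zz\x90\r\n"
                  b"Action=Open folder to view files\r\n\x07\x07\xee\r\n"
                  b"shellexecute=rundll32.exe .\\folder\\random.dll,entry\r\n")
# Constructed sample: a drive that only sets an icon and a label.
SAMPLE_BENIGN = b"[autorun]\r\nicon=setup.ico\r\nlabel=Backup Drive\r\n"

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE_SUSPECT):
        print(finding)
```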

The first variant of Conficker appeared in November , and four more variants followed within five months. Security professionals expected the worm to cause significant damage on April 1, , the date believed to be when the creators of the worm would send instructions to the infected computers and wreak havoc. Luckily, nothing significant happened that day, even though the worm had the destructive potential to, say, destroy files, steal information and launch distributed denial-of-service (DDoS) attacks.

You will need to restart your computer for the changes to take effect. NOTE: In addition to downloading and installing the latest security patches, you can take other precautionary measures to reduce the risk of infection.

Reset the passwords of your system's admin accounts, using more sophisticated ones. Note that the infiltration can spread through shared folders.

Type your old password, type your new password, type your new password again to confirm it, and then press ENTER. If you don't have an ESET product 3. Update your virus signature database. To verify that the stand-alone cleaner removed the Conficker threat, rerun the stand-alone cleaner and then run a scan with your ESET product. After successfully running the ESET stand-alone cleaner, we recommend that you read the following Microsoft article for information about important security patches and recommended group changes:.

For maximum protection against future threats, make sure your operating system is patched according to Microsoft's recommendations and that your ESET product is up to date. Patches are not needed for Windows 7 and Server The patches below are not necessary for Windows 7 or Server r2, as the exploit used by Conficker does not exist on these operating systems.

Last Updated: Mar 23,

What is Conficker Worm? October 30, By admin

Terminate Windows LAN service ports when not required. Implement a strong password policy.


