
Conficker C worm WARNING

By lurkswithin
Conficker.C Worm - Major Attack targeted to start on April Fools Day, Please ensure all Servers/PCs are patched
I got this from another forum and give the credit for this warning to them.

Conficker.C Worm - Major Attack targeted to start on April Fools Day - Calendar Of Updates

Microsoft MVP - Security
post Mar 20 2009, 04:14 PM

The Conficker worm is one of the most dangerous malware threats in years, especially for corporate users. A new "C" variant has been developed that's even more potent and stealthier than the two prior variants. It's imperative that Microsoft's MS08-067 patch be applied to all servers and workstations, while the worm is currently dormant.

If it establishes a foothold anywhere in the network, it can even spread to systems that are patched with MS08-067 if they are insecure in other areas (i.e., it uses multiple attack methods).

Please take precautions now, as this one will be even more difficult than "B" was to clean.

Conficker.C Worm - Major Attack targeted for April Fools Day
Latest Conficker worm gets nastier | Security - CNET News

QUOTE: Just when you might have thought it was safe to start using USB flash drives at work again, the third, and by all accounts, most fiendish version of the Conficker worm that's infected millions of PCs already is set to attack on April 1st, Ars Technica reports. Conficker.C's designed to hide itself even more thoroughly than its older siblings Conficker.A and Conficker.B, using tricks such as:

• Inserting itself into as many as five Windows-related folders such as System, Movie Maker, Internet Explorer, and others (under a random name, of course)
• Creating access control entries and locking the file(s)
• Registers dummy services using a "one (name) from column A, one from column B, and two from column C" method
To find out what happens when Conficker.C strikes, join us after the jump.

Conficker.C's payload makes it harder than ever to recover from being infected:

• Deactivates Windows Security Center notifications
• Prevents restart in Safe Mode
• Prevents Windows Defender from running at system startup
• Deletes all system restore points
• Disables various error-reporting and security services
• Terminates over twenty security-related processes
• Blocks DNS queries
• Blocks access to security and antivirus websites
• And, to top it all off, Conficker.C can choose from a list of 500 domains to contact out of a pool of 50,000 (way up from Conficker.B's 32 out of 250).

Conficker.C - Detailed Evaluation by SRI
An Analysis of Conficker C

QUOTE: Variant C represents the third major revision of the Conficker malware family, which first appeared on the Internet on 20 November 2008. C distinguishes itself as a significant revision to Conficker B. In fact, we estimate that C leaves as little as 15% of the original B code base untouched

Below are some resources for information and cleaning tools for the Conficker worm:

Conficker - Cleaning tips for corporate users

Internet Storm Center - Conficker Resource Center
SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

Microsoft Resources
Virus alert about the Win32/Conficker.B worm
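
Added example, not part of the original posts or the quoted articles: a read-only PowerShell triage script that checks a Windows host for several of the symptoms listed in the quote above (disabled security and error-reporting services, Safe Mode blocked, restore points deleted). The service names, the SafeBoot registry path and the KB number for MS08-067 are assumptions from general Windows knowledge, not taken from the page; it assumes Windows PowerShell 5.1 run as administrator.

```powershell
# Added example: read-only check for symptoms described in the quoted article.
# Service names are assumptions (not listed on the page): Security Center,
# Windows Defender, Automatic Updates, BITS, and the two error-reporting services.
$services = 'wscsvc', 'WinDefend', 'wuauserv', 'BITS', 'ERSvc', 'WerSvc'
$findings = @()

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { continue }              # not present on this Windows version
    if ($svc.StartType -eq 'Disabled') {
        $findings += "Service $name is disabled"
    }
}

# "Prevents restart in Safe Mode": Safe Mode depends on these registry keys.
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
foreach ($sub in 'Minimal', 'Network') {
    if (-not (Test-Path (Join-Path $safeBoot $sub))) {
        $findings += "SafeBoot\$sub registry key is missing"
    }
}

# "Deletes all system restore points": an empty list is a hint, not proof,
# because System Restore may simply be turned off on this machine.
try {
    $points = @(Get-ComputerRestorePoint -ErrorAction Stop)
    if ($points.Count -eq 0) { $findings += 'No system restore points found' }
} catch {
    Write-Verbose "Restore point check skipped: $($_.Exception.Message)"
}

# Patch status for MS08-067 (KB958644). Only meaningful on the Windows releases
# the bulletin covered; later service packs and releases include the fix and
# will not list this KB.
if (-not (Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue)) {
    Write-Output 'Note: KB958644 (MS08-067) is not listed by Get-HotFix.'
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'None of the checked symptoms were found.'
}
```

Any single finding can have a benign cause, so treat several together as the reason to run one of the removal tools linked in this thread.
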
By lurkswithin on 03-30-2009, 05:57 PM

Use this link to a free online scanner for the Conficker worm and associates.

Remove Downadup - Removal tool for Downadup (known also as Conficker or Kido)

This scanner is quick and fast but a browser add-on will need to be installed for the scanner to work.

Those that are most likely to be infected are those from South America and Asia, as that is where most computers with un-updated protection are located because of the use of pirated software.

Microsoft does not support updates to these areas unless proven WGA.
By lurkswithin on 03-30-2009, 10:07 PM

Here is a tools list that will help in the removal of Conficker.

Understand that if you are infected or get infected, you may not be able to go directly to the web pages for these tools from the infected computer because of blocking or complete shut down of your computer internet service.

It might be wise to download these to your computer beforehand and run them for protection!

Conficker Work Group - ANY - RepairTools
By pauls on 04-04-2009, 07:26 PM

It was amazing how pervasive this was. We run a really tight ship at work, but it still wormed its way in. I guess it just takes 1 person.