W32/Conficker Worm infects millions of PCs

Information about the W32/Conficker Worm:

The W32/Conficker worm exploits most of the malware entry points available in the operating system. Once a computer is infected, the worm alters the registry locations it needs in order to spread through the network and removable drives (USB sticks). The worm can enter a user's system in multiple ways: over the network through the Admin$ share (brute-force dictionary attack), through systems with unsecured shares, through systems not patched against the vulnerability, or through a USB drive. As a result, a system may get infected even when the user follows safe computing practices.

Upon execution, the worm copies itself under a random name with a .dll extension to the following locations:

Windows System
Program Files\Internet Explorer
Program Files\Movie Maker
All Users Application Data
Windows Temp

and under a random name with a .tmp extension to the following locations:

Windows System
Windows Temp

The worm disables the following services:

Windows Automatic Update Service (wuauserv)
Background Intelligent Transfer Service (BITS)
Windows Security Center
Windows Defender
Windows Error Reporting

It also drops the following files on removable and mapped drives:

\RECYCLER\
\autorun.inf
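
A triage check for the disabled services and dropped files listed above, as an added example that is not part of the original article. It parses `sc qc` output and drive-root listings; the short names other than wuauserv and BITS are assumed mappings for the display names, and the sample input is constructed.

```python
import re

# Services the article lists as disabled by the worm. wuauserv and BITS are
# named on the page; the other short names are assumed mappings (ersvc is the
# Windows XP name for Error Reporting).
WATCHED = {
    "wuauserv": "Windows Automatic Update Service",
    "bits": "Background Intelligent Transfer Service",
    "wscsvc": "Windows Security Center",
    "windefend": "Windows Defender",
    "ersvc": "Windows Error Reporting",
}

def disabled_services(sc_qc_output):
    """Return watched services whose START_TYPE is DISABLED in `sc qc` output."""
    hits = []
    current = None
    for line in sc_qc_output.splitlines():
        m = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        if m:
            current = m.group(1).lower()
            continue
        m = re.match(r"\s*START_TYPE\s*:\s*\d+\s+(\S+)", line)
        if m and current in WATCHED and m.group(1).upper() == "DISABLED":
            hits.append(current)
    return hits

def suspicious_drive_roots(root_listings):
    """Return drives whose root holds both autorun.inf and a RECYCLER folder."""
    flagged = []
    for drive, names in root_listings.items():
        lowered = {n.lower() for n in names}
        if "autorun.inf" in lowered and "recycler" in lowered:
            flagged.append(drive)
    return sorted(flagged)

# Constructed sample input (not captured from a real host).
SAMPLE_SC = """\
SERVICE_NAME: wuauserv
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
SERVICE_NAME: BITS
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 3   DEMAND_START
SERVICE_NAME: Spooler
        START_TYPE         : 4   DISABLED
"""
SAMPLE_ROOTS = {"E:": ["autorun.inf", "RECYCLER", "photos"], "F:": ["docs"]}

if __name__ == "__main__":
    print("disabled watched services:", disabled_services(SAMPLE_SC))
    print("drive roots to inspect:", suspicious_drive_roots(SAMPLE_ROOTS))
```

A flagged drive root is a lead for inspection rather than proof of infection, since both names can exist on clean drives.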

The worm attaches itself to the following Windows processes:

svchost.exe
explorer.exe
services.exe

Infection symptoms:

Access to Admin shares is denied
Scheduled tasks are created
Access to security related websites is denied
Access to Windows Updates site is denied
Network response will become considerably slow
Domain controllers respond slowly to client request

The worm modifies registry at the following locations:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Payload

The worm attempts to create an HTTP server and open a random port between 1024 and 10000 on the victim computer. Once the HTTP server is created, the worm downloads a copy of itself to the victim computer. The worm also resets the restore point. Most variants of the Conficker worm will trigger the payload on April 1. Although the security industry is conducting a lot of research on the payload, the exact payload and the damage it can cause on April 1st are still a mystery.

Removal of the worm

Patch the vulnerability on your machine to avoid infection. Download and install the patch released by Microsoft (MS08-067) for this worm.
Registered users can update their virus signatures. Others can install Protector Plus from the following link and scan their computers.
Download here:
http://www.protectorplus.com/download/downloadnow.htm

