conficker-c-worm

Over the last couple of months, we have been closely following the birth, the rise, the viral spread, the demoniac effects and the failure of security biggies to catch the creators of the Conficker worm.

The latest variant of the worm, Conficker.C, is programmed to do something on April 1. But what exactly will happen? The scariest thing about it is that no one can say for sure. The “A” and especially “B” variants of this worm (also known as Downadup) have built a botnet estimated at several million PCs, almost exclusively through exploitation of the MS08-067 vulnerability in Windows. Last time around, Conficker added some innovative techniques to update itself through a large number of domains, the names of which were algorithmically generated by the program. Microsoft, as usual, tried the trick of offering a bounty for information about the creators of this deadly worm. But nothing worked.


Now the latest variant, the Conficker.C worm, adds a number of defensive measures designed to protect itself from detection and removal, and it increases the number of domains it can check for updates. A more detailed post about the Conficker.C worm can be found here.

It is supposed to disable Windows Automatic Updates and the Windows Security Center. Some security experts, such as Eset, are urging you to back up in advance of April 1 and to make sure that your security software is working properly. I had shared the tools available to detect and fix the Conficker worm. But none of these security vendors promise that these tools can surely detect and fix all the variants of the Conficker worm. Come April 1st, the worm will start contacting the 50,000 domains and download something. What will they download? What will it make the bots do? Honestly, nobody knows. This is the great mystery.

Is Conficker.C just an April Fool Joke?

Some people still think that it might just be an April Fool prank. But let me tell you, it is more a wish than anything else. But really, what is the purpose of Conficker, which could possibly become the world’s most powerful parallel computer on April 1? Speculation about Conficker’s purpose ranges from the benign — an April Fool’s Day prank — to far darker notions.

NYTimes thinks -

One likely possibility is that the program will be used in the “rent-a-computer-crook” business, something that has been tried previously by the computer underground. Just like Amazon.com offers computing time on its network for rent, the Conficker team might rent access to its “network” for nefarious purposes like spamming.

That is really scary. But the best tips I can give you at this point in time are:

  1. Be aware of the Conficker worm and do NOT under-estimate it.
  2. Before April 1st, make sure your Windows security updates are up-to-date, and so are your anti-virus updates.
  3. Beware of any new websites you will be visiting.
  4. Avoid downloading anything that day.
  5. And do not forget to follow and keep track of the latest updates about Downadup worm here on TechPP.


Reference: PC World
Image Credits: TopNews

 
Founder-Editor

Raju is the founder-editor of Technology Personalized. A proud geek and an Internet freak, who is also a social networking enthusiast.

 
 
  • http://www.kimwoodbridge.com Kim Woodbridge

    Hmm … I already have the Windows Security Center and automatic updates turned off. I wonder what it would do to my computer then. I should do some updates I suppose. It’s just that they always break something.

    I suppose another solution would be to run Linux …


  • http://www.shoutmeloud.com Harsh Agrawal

    @Kim
    Another solution…
    Don't update your system…
    Use best antivirus…
    Like Kaspersky, mod 32 and keep a spyware…
    Precaution is always better than cure..so before attaching any external device to your system make sure you scan it completely…

  • James

    Hi,

    Good article. Sophos’ Conficker removal tool can detect and remove all variants of the worm/virus.

    As long as people run these tools it should stop any serious outbreak.

    James

    • http://techpp.com Raju

      @James,
      I have written about the tools available to detect and remove the worm, but unfortunately not all variants of the worm can be caught by these tools.

  • caffee head

    It’s good at least that there was advance warning for the Conficker worm; I’m sure a lot of people were spared a lot of hardship because of this.