
Is your anti-virus up to date?

Conficker Worm

Background

Since its appearance in late 2008, the Downadup (also called Conficker or Conflicker) worm has become one of the most widespread threats to hit the Internet for a number of years. A complex piece of malicious code, this threat was able to jump certain network hurdles, hide in the shadows of network traffic, and defend itself against attack with a deftness not often seen in today’s threat landscape. Yet it contained few previously unseen features. What set it apart was the sheer number of tricks it held up its sleeve.

It all started in mid-October of 2008, when we began to receive reports of targeted attacks taking advantage of an as-yet unknown vulnerability in Windows’ remote procedure call (RPC) service. Microsoft quickly released an out-of-band security patch (MS08-067), going so far as to classify the update as “critical” for some operating systems—the highest designation for a Microsoft Security Bulletin. Microsoft took the effort to contact enterprise customers and inform them that this security patch needed to be applied with the highest priority.

It wasn’t until late November that Downadup appeared (also called Conficker by some news agencies and antivirus vendors) and achieved modest propagation success. As we moved into 2009 the Downadup worm was discovered to have a hidden danger behind its potential payload—Downadup contained the ability to update itself or receive additional files for execution.

On April 1st the Downadup (Conficker) worm will start taking more steps to protect itself. After that date, machines infected with the “C” variant of the worm may not be able to get security updates or patches from Microsoft and from many other vendors. The creators of the worm will also start using a communications system that is more difficult for security researchers to interrupt. Beyond this knowledge we know very little else about the intentions of its creators.

It is extremely important that your antivirus software is updated daily to ensure protections are in place. You can set this option up in your antivirus scan preferences.

***Also, new variations of the “Conficker” worm have begun to use social networking sites. This will cause an influx of e-mail which would appear to be from a known individual, but would actually be a fraud containing a malicious payload. In addition, we may also see elongated response times on the Internet since a new influx of updates will be passed to infected clients.


Looks like I'm going to be busy tomorrow!


Sounds like a good day for fishing.

Don't got to worry about those pesky electronic viruses on the beach.
