April Fools Day Virus!
Conficker Worm Details and removal utilities

Conficker,
also known as Downup, Downadup and Kido, is a computer worm
that surfaced in October 2008 and targets the Microsoft Windows
operating system.[1] The worm exploits a previously patched
vulnerability in the Windows Server service used by Windows
2000, Windows XP, Windows Vista, Windows Server 2003, Windows
Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta.[2]
The worm has been unusually difficult for network operators
and law enforcement to counter because of its combined use
of advanced malware techniques.

Initial infection
Variants A and B exploit a vulnerability in the Server Service
on Windows computers, in which an already-infected source
computer uses a specially-crafted remote procedure call request
to force a buffer overflow and execute shellcode on the target
computer.[8] On the source computer, the worm runs an HTTP
server on a port between 1024 and 10000; the target shellcode
connects back to this HTTP server to download a copy of the
worm in DLL form, which it then runs as a service via svchost.exe.[4]
Variant B can remotely execute copies of itself through the
ADMIN$ share on computers visible over NetBIOS. If the share
is password-protected, it will attempt a brute force attack,
potentially generating large amounts of network traffic.[9]
Variant C places a copy of itself on any attached removable
media (such as USB flash drives), from which it can then infect
new hosts through the Windows AutoRun mechanism.
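
The connect-back behaviour described above leaves a recognisable pattern in flow logs: a host receives a Server service connection and shortly afterwards connects back to the same peer on a port between 1024 and 10000. The following detection sketch is an added example, not part of the original page; the flow record format, the use of TCP 445 for the Server service, the 30-second window and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port" (not real traffic).
SAMPLE_FLOWS = """\
1000 10.0.0.5 10.0.0.9 445
1002 10.0.0.9 10.0.0.5 4312
1010 10.0.0.7 10.0.0.9 445
1500 10.0.0.9 10.0.0.7 8080
1600 10.0.0.5 10.0.0.12 445
1601 10.0.0.12 10.0.0.5 443
1700 10.0.0.5 10.0.0.14 445
1703 10.0.0.14 10.0.0.5 9999
"""

SMB_PORT = 445                       # assumption: Server service reached over TCP 445
CALLBACK_PORTS = range(1024, 10001)  # "between 1024 and 10000" per the page, inclusive
WINDOW_SECONDS = 30                  # assumption: how soon the connect-back follows

def parse_flows(text):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3])

def find_connect_backs(flows, window=WINDOW_SECONDS):
    """Return sorted (source, target, port) where the target calls back after SMB contact."""
    last_smb = {}  # (source, target) -> time of the most recent SMB connection
    hits = set()
    for ts, src, dst, port in sorted(flows):
        if port == SMB_PORT:
            last_smb[(src, dst)] = ts
        elif port in CALLBACK_PORTS:
            seen = last_smb.get((dst, src))  # reverse direction: target -> source
            if seen is not None and 0 <= ts - seen <= window:
                hits.add((dst, src, port))
    return sorted(hits)

def likely_sources(hits, min_targets=2):
    """Hosts that received connect-backs from at least min_targets distinct peers."""
    targets = defaultdict(set)
    for source, target, _port in hits:
        targets[source].add(target)
    return {s: sorted(t) for s, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    hits = find_connect_backs(parse_flows(SAMPLE_FLOWS))
    print(hits, likely_sources(hits))
```

A single hit can be legitimate traffic; a host that draws connect-backs from several peers is the stronger signal and the one to isolate and scan first.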

Removal Tools
McAfee Stinger
F-Secure Removal
Instructions for the BitDefender tools can be found here
BitDefender Removal
BitDefender Network Tool