Software | 31.03.2009

Conficker worm no joke

IT experts are bracing themselves for the Conficker worm, expected to launch on April Fools’ Day. Conficker.c is the third variant of the Conficker worm which has infected PCs around the world over the past six months.

Although most experts are not clear on the actual damage that will be caused by Conficker.c, the hard-coded April 1 date in the worm has many worried.

"CA has been monitoring the Conficker.C worm, set for launch on April Fools’ Day, and says that this worm definitely won’t be fooling around," says John Thompson, CA product manager at Workgroup. "On the day of launch, Conficker.c will start its attack by generating an expected 50 000 URLs daily in an attempt to access, download or report back to at least 500 of them.

"The current variant, unlike Conficker.a and Conficker.b, may not light a fire under existing intrusion detection systems as it has lost some of its spreading functionality, but it does include a new behaviour, one that has empowered it with the ability to terminate tools used to monitor and remove Conficker from affected systems."

It is unclear exactly what the authors plan to do with this power but it is becoming clear that malware writers have moved from simply creating chaos to making money through deploying worms of this kind.

"At this stage, it’s anyone’s guess what Conficker.c will do," said Brian Grayek, vice president for CA’s Internet Security Business Unit. "One thing, however, is clear: this code was written to evolve over time and to learn. It appears that the author has made changes and updates that negate some of the Conficker Cabal’s attempts to render it harmless."

The Conficker.C worm:
– Detects and kills certain system processes designed to find and remove it;
– Disables Windows Automatic Update;
– Stops access to the Windows Security Centre;
– Can detect and kill Sysinternals' Process Explorer program;
– Interferes with a number of search and destroy programs like Wireshark and System;
– Resets and deletes system restore points;
– Disables various error reporting services; and
– Will prevent any attempt to connect to a variety of anti-virus software services or web sites.

Users are advised to update their virus protection software as well as check for Microsoft updates to ensure they are safe from Conficker.c.
