Author Topic: More details about Conficker!  (Read 5762 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
More details about Conficker!
« on: February 14, 2009, 01:58:00 AM »
Hi malware fighters,

The makers of the Conficker worm malware are very advanced malcreants: http://www.dshield.org/diary.html?storyid=5842

polonus
« Last Edit: February 14, 2009, 02:03:15 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

CharleyO

  • Guest
Re: More details about Conficker!
« Reply #1 on: February 14, 2009, 09:05:56 AM »
***

While much of that is a little beyond my understanding, it is still an interesting read.

It's too bad people who are so smart use their knowledge for evil.


***

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: More details about Conficker!
« Reply #2 on: February 15, 2009, 03:18:44 AM »
***

While much of that is a little beyond my understanding, it is still an interesting read.

It's too bad people who are so smart use their knowledge for evil.


***
Well I would guess that some of the malware writers are Security professionals who are now unemployed because of the world's economy going downhill.
"People who are really serious about software should make their own hardware." - Alan Kay

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: More details about Conficker!
« Reply #3 on: February 15, 2009, 07:18:43 PM »
Hi CharleyO,

About what the infested machines are going to be used for:
http://matchent.com/wpress/?q=node/437

Conficker removal
http://www.pchubs.com/blogs/conficker-worm-removal-process-and-new-information-on-conficker

How do I know that I am infected?
The worm creates the following service:

    * Name: netsvcs
    * Path: %SystemRoot%\system32\svchost.exe -k netsvcs


The following registry addition is made by the worm:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvcs\Parameters\"ServiceDll" = "[PathToWorm]"

Solution
To prevent this worm from infecting, it is important to install the Microsoft patch:
http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Through the Symantec removal tool the worm can be cleansed from your PC:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99
First remove the worm with the Symantec patch and then run Windows Update or the Microsoft patch.

Has your computer been infected with Conficker? Then you no longer have the opportunity to download an up-to-date version of the Malicious Software Removal Tool (MSRT) through Microsoft's website. To run this software anyway, you can use the same software here:
http://www.waarschuwingsdienst.nl/download/windows-kb890830-v2.7.exe

The md5 checksum of this file is: 6c231da7abf5a27792344f9581b8b05b

It is also important to realize that an infection with Conficker through a USB stick/pendrive always stays a possibility; even when you have installed Microsoft's latest updates, your PC can get infected. Well, the installation of the most recent updates makes this infection less likely, and using your PC with only user rights also diminishes this risk... because the worm cannot infect you automatically...

http://www.secureworks.com/research/threats/downadup-removal/?threat=downadup-removal


pol
« Last Edit: February 15, 2009, 08:25:08 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
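
The checks from the post above, as an added example that is not part of the original thread: a read-only PowerShell script that looks for the `netsvcs` service key and its `ServiceDll` value, and compares a downloaded removal tool against the MD5 quoted in the post. The function names and the download location are assumptions; `Get-FileHash` needs PowerShell 4.0 or later.

```powershell
# Added example (not from the thread). Read-only: it changes nothing on the system.
$ServiceKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\netsvcs'  # key named in the post
$ExpectedMd5 = '6c231da7abf5a27792344f9581b8b05b'                 # checksum quoted in the post

function Get-NetsvcsIndicator {
    # Reports whether the service key from the post exists and what it points to.
    $result = [pscustomobject]@{ KeyPresent = $false; ImagePath = $null; ServiceDll = $null }
    if (-not (Test-Path -LiteralPath $ServiceKey)) { return $result }
    $result.KeyPresent = $true
    $svc = Get-ItemProperty -LiteralPath $ServiceKey -ErrorAction SilentlyContinue
    if ($svc -and $svc.PSObject.Properties['ImagePath']) { $result.ImagePath = $svc.ImagePath }
    $params = Get-ItemProperty -LiteralPath "$ServiceKey\Parameters" -ErrorAction SilentlyContinue
    if ($params -and $params.PSObject.Properties['ServiceDll']) { $result.ServiceDll = $params.ServiceDll }
    return $result
}

function Test-DownloadMd5 {
    # True when the file's MD5 equals the expected value (case-insensitive compare).
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Expected = $ExpectedMd5
    )
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    return $actual -ieq $Expected
}

$indicator = Get-NetsvcsIndicator
if ($indicator.KeyPresent) {
    Write-Warning ("Service key 'netsvcs' exists. ImagePath: {0}; ServiceDll: {1}" -f `
        $indicator.ImagePath, $indicator.ServiceDll)
} else {
    Write-Output "Service key 'netsvcs' not found."
}

# Assumed download location; adjust to wherever the file was saved.
$tool = Join-Path $env:USERPROFILE 'Downloads\windows-kb890830-v2.7.exe'
if (Test-Path -LiteralPath $tool) {
    if (Test-DownloadMd5 -Path $tool) {
        Write-Output 'MD5 matches the value quoted in the post.'
    } else {
        Write-Warning 'MD5 does not match the value quoted in the post; do not run this file.'
    }
} else {
    Write-Output "No file at $tool; skipping the checksum comparison."
}
```

A matching MD5 only shows the file is the same one the post refers to; MD5 is not collision resistant, so it does not replace checking the file's digital signature.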

CharleyO

  • Guest
Re: More details about Conficker!
« Reply #4 on: February 16, 2009, 05:34:26 AM »
***

No problems here as I am always fully updated.   ;)

Another interesting read, Polonus ... thanks.   :)


***