• Conficker.C update

    Speaking of AutoRun (see my next post)…

    The AutoRun blues surfaced when security researchers discovered that the Conficker worm had a very active infection vector that goes through USB drives: take a USB drive from an infected computer to a clean one, and Conficker comes along for the ride.

    Now comes word that there’s a new Conficker variant, called Conficker.C, that’s getting considerably trickier. While Conficker.A and Conficker.B are picked up by lots of antimalware programs and scanners these days, Conficker.C packs a different kind of punch. Here’s the Ars Technica take:

    …the worm’s creators have a third version (Conficker.C, naturally) prepared to hit the tubes come April 1. The new “C” twist won’t have all of the tools “B” used to replicate, but it will be able to detect and kill certain system processes designed to find and remove it…

    The security industry was collectively able to put the brakes on Conficker.B’s expansion when they managed to reverse-engineer the virus and determine which domains it would attempt to register and dial home to on particular dates. With Conficker.A and B, the worm chose to contact 32 addresses out of a possible 250 on any given attempt. With their algorithm broken, the malware authors went a step beyond updating their randomization/selection code - they also vastly increased both the number of domains the worm could generate as well as the number it will randomly select. Conficker.C will select 500 domains out of a randomized pool of 50,000 instead of the previous 32/250.

    Worm wars. Ya gotta love it.

    For now, if you have to use Windows XP, get your (free!) antivirus software updated and make sure it’s working. Hold down the Shift key whenever you plug a USB drive or any other removable media into your computer, so AutoRun doesn’t kick in. And keep watching for late-breaking news.

    Remember that Conficker doesn’t infect Vista or Windows 7 computers. Wait a couple of years and that may change. For now, Vista and Win7 dodge the Conficker bullet.
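
To make the quoted 32/250 versus 500/50,000 figures concrete from the defender's side, here is an added example (not from the original post or from Ars Technica) that enumerates a day's domain pool and flags clients in a DNS log that look up names from it. The generator is a toy stand-in and not Conficker's real algorithm; the date, log format, IP addresses and TLD list are constructed for illustration.

```python
import hashlib
import random
from collections import Counter
from datetime import date

# (pool size per day, domains each bot tries): the figures quoted above
SCHEMES = {"A/B": (250, 32), "C": (50_000, 500)}
TLDS = ["com", "net", "org", "info", "biz"]  # constructed list


def daily_pool(day, size):
    """Toy date-seeded generator: a stand-in, NOT Conficker's real algorithm."""
    pool = []
    for i in range(size):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        name = "".join(chr(ord("a") + int(c, 16)) for c in digest[:10])
        pool.append(f"{name}.{TLDS[i % len(TLDS)]}")
    return pool


def contact_odds(scheme):
    """Chance that one bot tries one specific pool domain on a given day."""
    size, picks = SCHEMES[scheme]
    return picks / size


def flag_hosts(log_lines, pool, threshold=5):
    """Clients with at least `threshold` lookups of names in the day's pool."""
    hits = Counter()
    for line in log_lines:
        _timestamp, client, qname = line.split()
        if qname.lower().rstrip(".") in pool:
            hits[client] += 1
    return {client: n for client, n in hits.items() if n >= threshold}


def demo():
    day = date(2009, 4, 1)  # constructed date
    size, picks = SCHEMES["C"]
    pool = daily_pool(day, size)
    bot_picks = random.Random(7).sample(pool, picks)  # one simulated client
    # Constructed DNS log: "<timestamp> <client> <queried name>"
    log = [f"2009-04-01T09:00:{i:02d} 10.0.0.23 {d}" for i, d in enumerate(bot_picks[:20])]
    log += ["2009-04-01T09:01:00 10.0.0.8 example.com",
            f"2009-04-01T09:01:05 10.0.0.8 {pool[0]}"]  # one stray hit, under threshold
    return flag_hosts(log, set(pool))


if __name__ == "__main__":
    print(demo(), contact_odds("A/B"), contact_odds("C"))
```

With the larger pool, anyone watching has 50,000 names a day to enumerate and cover instead of 250, while any single name is tried by only 1% of bots rather than 12.8%.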