From the Mind of Marc... » PC Magazine http://mdpblog.mdpsystems.com Advice and insights from a computer authority Wed, 21 Apr 2010 18:47:56 +0000 http://wordpress.org/?v=2.6 en Conficker is alive. http://mdpblog.mdpsystems.com/2009/04/09/conficker-is-alive/ http://mdpblog.mdpsystems.com/2009/04/09/conficker-is-alive/#comments Thu, 09 Apr 2009 13:13:46 +0000 Marc http://mdpblog.mdpsystems.com/?p=94 It’s been in the news recently, and we’ve talked about it here in previous posts and newsletters. The Conficker worm came to life yesterday according to TrendLabs, Trend Micro’s blog. It apparently downloads a file from other infected machines via P2P, similar to how file and music sharing services like Limewire work. From the TrendLabs blog:

Trend now detects this new Conficker variant as WORM_DOWNAD.E. Some interesting things (well at least in our perspective) found are:

  1. (Un)Trigger Date – May 3, 2009, it will stop running
  2. Runs in random file name and random service name
  3. Deletes this dropped component afterwards
  4. Propagates via MS08-067 to external IPs if Internet is available, if no connections, uses local IPs
  5. Opens port 5114 and serve as HTTP server, by broadcasting via SSDP request
  6. Connects to the following sites:
    • Myspace.com
    • msn.com
    • ebay.com
    • cnn.com
    • aol.com

It also does not leave a trace of itself in the host machine. It runs and deletes all traces, no files, no registries etc.

If you think you might be infected, use the Conficker eye chart to confirm, and follow the PC Mag Security Blog steps to help remove it; or give us a call.
]]> http://mdpblog.mdpsystems.com/2009/04/09/conficker-is-alive/feed/