Conficker/Downadup

On December 9, 2009, in Antispam, by catalin

What is it?

It is a network worm that takes advantage of vulnerabilities in Microsoft Windows to spread. Initially it exploited the vulnerability described in MS08-067 (the RPC Server service issue), but later it was also able to spread through Windows shares and removable storage devices.

How can you get infected?

  • if you do not install your Windows updates (yes, I know… sometimes you have to restart your computer, but still!) and if you do not have a security solution installed.
  • if the administrator account on the attacked system has a weak password (1234567890, admin and even qwerty are NOT good passwords)
  • if the computer has the Autoplay feature enabled (who here knows how to disable this?) and an infected mapped/removable disk is attached (everyone has at least one USB stick)
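
One way to check and turn off Autoplay from PowerShell, added here as an example (it is not part of the original post). It reads the `NoDriveTypeAutoRun` policy value, in which each set bit turns Autoplay off for one drive type; the removable and network rows are the ones that matter for the vector above. The function names are made up for this example.

```powershell
# Added example: audit and turn off Autoplay via the NoDriveTypeAutoRun policy value.
# Each set bit turns Autoplay OFF for one drive type; 0xFF turns it off everywhere.
$DriveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown type' }
    @{ Bit = 0x04; Name = 'Removable (USB sticks)' }
    @{ Bit = 0x08; Name = 'Fixed disk' }
    @{ Bit = 0x10; Name = 'Network (mapped shares)' }
    @{ Bit = 0x20; Name = 'CD-ROM' }
    @{ Bit = 0x40; Name = 'RAM disk' }
)
$SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Hypothetical helper: report, per hive, which drive types still allow Autoplay.
function Get-AutoplayPolicy {
    foreach ($hive in 'HKLM', 'HKCU') {
        $item  = Get-ItemProperty -Path "${hive}:\$SubKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        $value = $item.NoDriveTypeAutoRun
        if ($null -eq $value) {
            [pscustomobject]@{ Hive = $hive; Value = 'not set'; AutoplayStillOn = 'OS default applies' }
            continue
        }
        # The value may be stored as REG_BINARY; the first byte holds the drive-type bits.
        if ($value -is [byte[]]) { $value = $value[0] }
        $stillOn = $DriveTypes | Where-Object { -not ($value -band $_.Bit) } | ForEach-Object { $_.Name }
        [pscustomobject]@{
            Hive            = $hive
            Value           = '0x{0:X2}' -f ($value -band 0xFF)
            AutoplayStillOn = if ($stillOn) { $stillOn -join ', ' } else { 'none' }
        }
    }
}

# Hypothetical helper: turn Autoplay off for every drive type, machine-wide.
function Disable-AutoplayAllDrives {
    # Requires an elevated prompt: writes the machine-wide (HKLM) policy value.
    $path = "HKLM:\$SubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
}

Get-AutoplayPolicy | Format-Table -AutoSize   # audit first
# Disable-AutoplayAllDrives                   # uncomment to apply, then audit again
```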

What does it do?

Not much. But it could turn your computer into a drone in a larger botnet. It’s like a huge corporation, and your computer just received a nice job in the company. A massively underpaid one!

What can you do with a botnet?

  1. Corruption of Defensive Systems – The most dangerous aspect of a Conficker infection is that it completely neutralizes defensive systems. In other words, any infected machine holds a huge security breach that can be exploited at any time from now on. It is like having a house with a door wide open all the time, even when you sleep, go to work or are on vacation.
  2. Distributed Denial of Service – we all know what DDoS is
  3. Pay-per-Click Systems Abuses and Frauds – oldie but goldie
  4. Key Logging, Traffic Monitoring and Mass Identity Theft
  5. Spamming – most probably

Whitepaper – http://www.bitdefender.com/files/Main/file/Conficker_-_One_Year_After_-_Whitepaper.pdf

You are going to like the whitepaper. Did you know that a couple of weeks ago we had Conficker’s anniversary?

Podcast - http://news.bitdefender.com/site/viewPage/multimedia.html

Tips

  1. Check with your operating system provider on a regular basis – download and install the latest security updates, malware removal tools, as well as other patches or fixes.
  2. Install and activate a reliable, password-protected antimalware, firewall, spam filter and parental control solution, like those provided by BitDefender.
  3. Update your antimalware, firewall and spam filter as frequently as possible with the latest virus definitions and suspicious application/file signatures.
  4. Scan your system frequently.
  5. Stay informed about e-threats and security.