Conficker, also known as Downup, Downandup and Kido, is a computer worm that appeared in October 2008 and attacks the Microsoft Windows operating system. The worm exploits a vulnerability in the Windows Server service on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008.
Functioning
The worm spreads primarily through a buffer overflow vulnerability in the Windows Server service. It uses a specially crafted RPC request to run its code on the target computer.
When it has infected a computer, Conficker disables various services, such as Windows Automatic Update, Windows Security Center, Windows Defender, and Windows Error Reporting. It then contacts a server, where it receives further instructions about spreading, collecting personal information, or downloading additional malware onto the victim computer. The worm also binds itself to certain processes such as svchost.exe, explorer.exe, and services.exe.
Decontamination
On October 15, 2008, Microsoft released a patch (MS08-067) that fixes the vulnerability that the worm takes advantage of. There are removal tools from Microsoft, SOPHOS, ESET, Panda Security, Symantec, Kaspersky Lab, TrendMicro, Service Pack 3, as the support for these versions has expired. Because the worm can also spread through USB sticks that trigger Autorun, it is recommended to disable this feature by modifying the Windows Registry.
Symptoms of Infection
- The account lockout policy is automatically reset.
- Some Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Windows Error Reporting do not work.
- Domain controllers respond slowly to client requests.
- There is congestion of the local area networks as a result of ARP floods from network scanning.
- Websites related to antivirus software or the Windows Update service are inaccessible.
- User accounts are locked.
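A read-only PowerShell audit for the Autorun hardening step under Decontamination and the service symptoms listed above; this is an added example, not part of the original article. The service short names and the NoDriveTypeAutoRun policy value are standard Windows identifiers that the page itself does not name, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only audit, makes no changes to the host.
# Service short names below are the standard Windows ones (not listed on the page).
$services = [ordered]@{
    wuauserv  = 'Automatic Updates'
    BITS      = 'Background Intelligent Transfer Service'
    WinDefend = 'Windows Defender'
    WerSvc    = 'Windows Error Reporting (named ERSvc on Windows XP / Server 2003)'
    wscsvc    = 'Windows Security Center'
}
$findings = @()

foreach ($name in $services.Keys) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += "INFO  $name ($($services[$name])): not installed on this Windows version"
    } elseif ($svc.StartMode -eq 'Disabled') {
        $findings += "WARN  $name ($($services[$name])): startup type is Disabled"
    } elseif ($svc.State -ne 'Running' -and $svc.StartMode -eq 'Auto') {
        $findings += "WARN  $name ($($services[$name])): set to Auto but currently $($svc.State)"
    }
}

# Autorun policy: NoDriveTypeAutoRun is a bitmask of drive types with Autorun disabled.
# 0x04 = removable drives (USB sticks), 0xFF = all drive types.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

if ($null -eq $value) {
    $findings += 'WARN  NoDriveTypeAutoRun is not set: Autorun uses the OS default'
} elseif (($value -band 0x04) -eq 0) {
    $findings += ('WARN  NoDriveTypeAutoRun = 0x{0:X2}: Autorun still enabled for removable drives' -f $value)
} elseif (($value -band 0xFF) -ne 0xFF) {
    $findings += ('INFO  NoDriveTypeAutoRun = 0x{0:X2}: removable drives covered, other drive types are not' -f $value)
}

if ($findings.Count -eq 0) {
    'OK: services healthy and Autorun disabled for all drive types'
} else { $findings }
```

A stopped or disabled service is only an indicator, since it can also result from administrative policy, so findings should be correlated with the other symptoms in the list.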