Tuesday, January 20, 2009

The Conficker worm contiues to spread

The Conficker worm is one of the most widespread computer infections in recent memory, and it's still spreading. In fact, it may have surpassed the nine million mark, and may create the world's biggest botnet.

When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting. It then connects to a server, where it receives further orders to propagate, gather personal information (via a keystroke logger and other tools), and downloads and installs additional malware onto the victim's computer. The worm also attaches itself to certain critical Windows processes such as svchost.exe, explorer.exe and services.exe.

It seems to download data from " hxxp://trafficconverter.biz/[Removed]antispyware/[Removed].exe", which apparently originates in the Ukraine.

People are making insightful comments over on Slashdot, which has also picked up the story.

Win32/Conficker.A (CA)
W32.Downadup (Symantec)
W32/Downadup.A (F-Secure)
Conficker.A (Panda)
Net-Worm.Win32.Kido.bt (Kaspersky)

1 comment:

  1. Yeah, that's just great. personal information from a key stroke logger from 9 million computers going to Ukraine.