Welcome to the Virus Encyclopedia of Panda Security.
Conficker.C is designed to spread by exploiting a vulnerability in the Windows Server Service which allows remote code execution. It is the vulnerability MS08-067.
Additionally, Conficker.C carries out the following actions:
Conficker.C creates a random DLL in the Windows system directory. This file is created with system, read-only and hidden attributes.
It also creates a file with random name and VMX extension in the folder RECYCLER\%random name% of all the shared and removable drives of the computer. It is copied with system, read-only and hidden attributes. Additionally, it creates an AUTORUN.INF file in these drives. This way, it is run whenever any of them is accessed.
On the other hand, it creates a scheduled task in the folder Tasks of the Windows directory in order to start its execution periodically.
Conficker.C creates the following entries in the Windows Registry:
Conficker.C modifies the following entries from the Windows Registry in order to make its detection more difficult:
Conficker.C spreads by exploiting the vulnerability called MS08-067, which is a vulnerability in the Windows server service. In order to do so, it sends malformed RPC requests to other computers. If any of them is vulnerable, it will download a copy of the worm to the system.
Additionally, Conficker.C also spreads through the system drives, both shared and removable, making copies of itself in them. It also creates an AUTORUN.INF file in order to be run whenever any of them is accessed.
Conficker.C is 167,765 bytes in size.