|– Conficker is a family of worms that exploits vulnerability on Microsoft Windows in order to spread.
– It also spreads via USB Devices
– It is designed to download other variants of malware on the infected machine and allows attackers to execute remote code on an infected machine.
– Panda Security users are protected against attacks from this malware.
Conficker, a new family of computer worm has already infected thousands of computers worldwide. PandaLabs, the malware detection and analysis laboratory of Panda Security, has located three variants of this malicious code (Conficker A, B and C).The first known infections of this worm were seen at the end of November, although It was after the holiday season when a dramatic increase in its activity was observed.
This worm propagates by exploiting vulnerability MS08-067, in the Microsoft Windows server service. The worm spreads by using specially crafted RPC calls to other machines. Vulnerable machines will download a copy of the worm. RPC is an abbreviation for Remote Procedure Call, which is a protocol that permits remote code Injection to a networked computer, which in this case allows the worm creator to take control of the infected machines remotely. Additionally, the worm propagates through USB memory devices such as USB Drives or MP3 players.
Increasing the threat, this worm constantly updates, downloading new versions of itself onto infected machines and through different and changing IPs, making it difficult to block. . At the same time, some variants are designed to download other malware onto an infected computer. This is an indication that the worm authors are preparing to carry out a large scale attack in the near future using the infected machines.
“The most likely scenario is that cybercriminals are looking to quickly infect a large number of computers. Once infected, secondary infections designed for economic gain can be easily downloaded onto the compromised machines. Examples would be Trojans designed to steal online banking passwords or rogue antimalware programs that create popups constantly telling the user their computer is infected, making it almost impossible to use the computer until they buy the supposed remedy.” Explains Luis Corrons, Technical Director at PandaLabs.
Panda Security products proactively detect this family of worms leaving its users protected against all times from this threat. This type of worm is very similar to those seen years ago such as the ones responsible for the “Melissa” and “I love you” outbreaks. Similar to those, Conficker attempts to infect the maximum number of computers possible. The difference is while those worms propagated via floppy disk, this one uses USB devices.
To check if your computer is infected with a variant of Conficker, PandaLabs recommends:
– Corporate IT Administrators should check their machines for possible vulnerabilities.
– Servers and Workstations should be patched by following the Microsoft Bulletin related to this vulnerability, available here: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
– Disinfect affected machines using Malware Radar for corporate networks, or ActiveScan for personal computers.
– Disable AutoRun for USB devices – Make sure that all antivirus and security solutions are updated to their latest product version and signature file version.
More information can be obtained from the Panda Research Blog: https://research.pandasecurity.com/archive/Warning_3A00_-Conficker-worm-infections-gaining-traction.aspx