Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Conficker.C

 
Threat LevelHigh threat
DamageHigh
DistributionModerately widespread
Common name:Conficker.C
Technical name:W32/Conficker.C.worm
Threat level:High
Alias:WORM_DOWNAD.AD,W32.Downadup,Net-Worm.Win32.Kido.cn,
Type:Worm
Effects:  

It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself. It also spreads through shared and removable drives. It reduces considerably the protection level of the computer, modifies the security policies of the user accounts and attempts to download another type of malware to the affected computer.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Dec. 31, 2008
Detection updated on:June 18, 2010
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Conficker.C is a worm which exploits a vulnerability in the Windows Server Service which allows remote code execution. It is the vulnerability MS08-067.

If the system date is after January 1, 2009, it will try to connect to a certain website in order to download and run another type of malware in the affected computer.

On the one hand, it reduces considerably the protection level of the computer, as it prevents the user and the computer from connecting to many websites related to antivirus companies.

On the other, it uses weak passwords to access the user accounts in order to modify their security policies.

Conficker.C spreads by exploiting the vulnerability MS08-067. In order to do so, it sends malformed RPC requests to other computers in which it attempts to enter a copy of itself. Additionally, it spreads through shared and removable drives.

 

It is highly recommended to download and apply the security patch for the vulnerability MS08-067. Access the web page for downloading the patch.

Visible Symptoms 

    

Conficker.C is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

>

>

>