Are you a Conficker Zombie?

By jobeard
Feb 20, 2009
Topic Status:
Not open for further replies.
  1. Conficker [A] has hit millions of systems.

    Now there's Conficker B++ too :(

    The big picture taxonomy of Conficker is
    [image: Conficker taxonomy diagram, not reproduced here]

    Another common infection taxonomy is
    [image: infection taxonomy diagram, not reproduced here]

    (see the original article here)

    The Computerworld article is here

    CAUTION: Don't be overly concerned about the comment on the HOSTS file at the bottom of that article;
    MVPS.org and Spybot S&D modify the HOSTS file to intentionally inhibit access to known bad sites.
    Such 'lockouts' are easily seen on any line containing 127.0.0.1
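    The post above says that benign HOSTS-file lockouts are recognisable by a 127.0.0.1 target. The script below is an added example (not part of the original post or of any tool named in it) that parses HOSTS-file text and separates such lockouts (loopback or unspecified targets such as 127.0.0.1, ::1 and 0.0.0.0) from entries that redirect a hostname to a routable address, which is the kind of entry worth a second look. The sample HOSTS content is constructed for the example, and the "redirect = suspicious" rule is a heuristic assumed here, not a claim from the page.

```python
import ipaddress

# Constructed sample HOSTS-file content for this example; it is not
# taken from any real machine. 203.0.113.0/24 is documentation space.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1       www.bad-example.test
127.0.0.1       ads.bad-example.test   # lockout
0.0.0.0         tracker.bad-example.test
# Constructed example of a redirect to a routable address
203.0.113.7     update.example-av.test
"""


def parse_hosts(text):
    """Yield (line_number, ip_address, hostname) for every mapping in a
    HOSTS file. Comments after '#' and blank lines are skipped; lines whose
    first field is not an IP address are ignored rather than raising."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed first field; not a mapping
        for host in parts[1:]:
            entries.append((lineno, addr, host.lower()))
    return entries


def classify(addr, host):
    """Assumed classification rule (a heuristic, not from the page):
    - 'system'   : the stock localhost mapping
    - 'lockout'  : name pointed at loopback/unspecified, i.e. intentionally
                   blocked (what Spybot S&D and the MVPS list produce)
    - 'redirect' : name pointed at a routable address, worth inspecting"""
    if host == "localhost":
        return "system"
    if addr.is_loopback or addr.is_unspecified:
        return "lockout"
    return "redirect"


def audit_hosts(text):
    """Return a dict mapping each class to a list of (line, ip, host)."""
    report = {"system": [], "lockout": [], "redirect": []}
    for lineno, addr, host in parse_hosts(text):
        report[classify(addr, host)].append((lineno, str(addr), host))
    return report


if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts;
    # read it instead of SAMPLE_HOSTS to audit an actual machine.
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("lockout", "redirect"):
        for lineno, ip, host in result[kind]:
            print(f"{kind:8s} line {lineno:3d}: {ip:15s} {host}")
```

    Running it against the constructed sample lists three lockouts and one redirect. A lockout section that is long but entirely 127.0.0.1 or 0.0.0.0 is the normal result of the tools named above; a short list of redirects is what deserves attention.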
  2. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Conficker/Downadup Cleanup and removal

    Instructions: http://www.bleepingcomputer.com/malware-removal/remove-downadup-conficker

    Bit defender Removal tool http://www.bitdefender.com/site/Downloads/downloadFile/1583/FreeRemovalTool

    Microsoft patch (to prevent infection if not already infected, or to use after cleaning) http://www.microsoft.com/downloads/results.aspx?pocId=&freetext=ms08-067&DisplayLang=en

    Mike

    EDIT: New for Conficker!

    Just yesterday McAfee introduced a special Stinger dedicated to Conficker

    Get it here http://www.majorgeeks.com/McAfee_AVE...er__d6157.html

    I will edit my other post and add it there.

    This is a bad one so.....

    I advise anyone who suspects this malware to shoot it with all 3 programs, followed by MBAM, SAS and ComboFix.

    And yet another from Sophos: http://www.majorgeeks.com/Sophos_Conficker_Clean-up_Tool_d6158.html
  3. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,283   +281

    VERY GOOD IDEA; one location for description and solution :)
  4. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hi everyone, I've been away and busy for the last few days but thought I would take time to post this!

    New for Conficker!

    Just yesterday McAfee introduced a special Stinger dedicated to Conficker

    Get it here http://www.majorgeeks.com/McAfee_AVERT_Stinger_Conficker__d6157.html

    I will edit my other post and add it there.

    This is a bad one so.....

    I advise anyone who suspects this malware to shoot it with all 3 programs, followed by MBAM, SAS and ComboFix.

    Mike

    EDIT: Another just today http://www.majorgeeks.com/Sophos_Conficker_Clean-up_Tool_d6158.html
  5. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  6. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,415   +281

    How bad is this really? I've been hearing about it on the news since Sunday's 60 Minutes (on CBS). Prior to that I hadn't really heard about it.

    It kind of sparks my interest because, as some of you know, I don't run any AV on my machines. I'm pretty self-confident that I'm in the clear, but something 'big' like this would be the kind of thing to shake my confidence if I was compromised.

    Is this the type of thing where we don't know what it does until April 1? That is my impression at this point. And I think rather than downloading and running a bunch of software I don't want on my machines, I'm just going to risk it and see what happens in 5.25 hours.

    Disclaimer:
    Do not follow my example if you are concerned for your data, I'm assuming entire responsibility only for what happens to my computers.
  7. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Um put it this way, I presently don't have any issue, where I am ;) ;)
  8. LookinAround

    LookinAround TechSpot Chancellor Posts: 8,358   +167

    I saw 60 minutes as well. And agree. I've run my usual backups but otherwise, I'm still waiting for Y2K to hit!
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  10. LinkedKube

    LinkedKube TechSpot Project Baby Posts: 4,263   +41


    I got suspended from high school because we had to write a paper about the Y2K issue. 95% of my class had fear of the issue, along with my teacher.

    My paper basically stated how ignorant people are. Did we forget that we have 24 time zones? Will the world end one hour at a time?
  11. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,283   +281

    and I'm big on proactive defense and down on the reactive A/V approach.
    Good router and firewall controls trump A/V every time (imo).

    If I can keep healthy, then the prescription/Rx with the doctor's bill can be avoided altogether :)

    Oh sure, I have one -- once in a while I even scan with it.

    But using good software {Thunderbird, Firefox}, SpywareBlaster (controlling ActiveX), Spybot S&D (controlling startups), trimming Services, and a firewall that controls inbound/outbound access will cover the bases 99% of the time.
  12. captaincranky

    captaincranky TechSpot Addict Posts: 10,392   +830

    It seems to be fashionable nowadays to award all the credit (or blame) to just the AV software, but it can't be stated how much help it's receiving from FF (with "NoScript") and Spybot, not only its resident "TeaTimer", but also its control of the hosts file. I'm not certain, but it seems like it's got something akin to "ComboFix" built in.
  13. jobeard

    jobeard TS Ambassador Topic Starter Posts: 13,283   +281

    forgot to mention -- A/V is THE proactive protection for email -- just got to scan them for scruff :)
  14. tw0rld

    tw0rld TechSpot Maniac Posts: 609   +6

    Avira is the closest to proactive as A/V gets, and that's for known threats. What we really need is for operating systems to be built in such a way as to prevent the execution of malicious code. An environment that would be able to decipher the code compiled in a program to determine whether it is malicious or not, simply based on what task the program was designed to carry out. This can be likened to telepathy.

    Imagine being the security guard at a bank. The chance of robbers getting by you is high, because you can't stop and interrogate each individual. Now think of the probability of any robbers getting by you if you were able to stop and interrogate each individual to get an idea of what their intentions are. The probability of the bank getting robbed would be close to zero.