On 15 October 2008, Microsoft released an emergency out-of-band patch to fix vulnerability MS08-067, which the worm exploits to spread. The patch applies only to Windows XP SP 2, Windows XP SP 3, Windows 2000 SP4 and Windows Vista; Windows XP SP 1 and earlier are no longer supported.
The Conficker worm is finally doing something--updating via peer-to-peer between infected computers and dropping a mystery payload on infected computers, Trend Micro said on Wednesday. Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro. The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.

The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.
$ curl -v confickerworkinggroup.org
* About to connect() to confickerworkinggroup.org:80
* Connected to confickerworkinggroup.org (149.20.56.65) port 80
> GET / HTTP/1.1
User-Agent: curl/7.10.2
Host: confickerworkinggroup.org
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
<meta http-equiv="refresh" content="0;url=/wiki/">
* Connection #0 left intact
* Closing connection #0
On 15 October 2008, Microsoft released an emergency out-of-band patch for vulnerability MS08-067, which the worm exploits to spread. The patch applies only to Windows XP SP 2, Windows XP SP 3, Windows 2000 SP4 and Windows Vista; Windows XP SP 1 and earlier are no longer supported.[55] Microsoft has since released a removal guide for the worm, and recommends using the current release of its Malicious Software Removal Tool[56] to remove the worm, then applying the patch to prevent re-infection.[57]
MRT.EXE /F:Y