Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system.[1] The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta.[2] The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.[3][4]
Although the origin of the name "conficker" is not known with certainty, Internet specialists and others have speculated that it is a German portmanteau fusing the term "configure" with "ficken", the German word for "fuck."[5] Microsoft analyst Joshua Phillips describes "conficker" as a rearrangement of portions of the domain name "trafficconverter.biz".[6]
 | |
| Common name | Conficker |
|---|---|
| Aliases |
|
Effect
Upon infection, the worm saves a copy of its DLL form to a random filename in the Windows system folder, then arranges to load itself thereafter at boot as a system service with a randomly generated name.[4]
Variant C of the worm resets System Restore points and disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.[15] Processes matching a predefined list of antiviral, diagnostic or system patching tools are watched for and terminated.[16] An in-memory patch is also applied to the system resolver DLL to block lookups of hostnames related to antivirus software vendors and the Windows Update service.[11]
0 comments