The computer world is interesting and impressive for people, but it is also insecure and dangerous for computers. Many viruses, bugs, worms and other malicious software attack computers every day. One of the most common pieces of malicious software is the Conficker worm. It is often modified, and to date it has infected millions of home and business computers; it is currently considered a huge threat. On October 23, 2008, Microsoft issued a software update for Windows users that patches the network vulnerability. The update was modified on February 24, 2009. However, this is not enough to get rid of the parasite for good.
The first method Conficker uses to spread is infecting networks of unpatched Windows computers. After infecting a computer, Conficker disables the user’s ability to access security websites and doesn’t allow the user to download updates that would stop Conficker from spreading. The update mentioned above is able to stop this malware from spreading through the network. However, it will not remove the malware itself. Conficker makes several configuration modifications so that it runs every time Windows is started. Basically, it adds itself as a service. The second method Conficker uses to spread is infecting USB devices and launching malicious files through the autorun.inf file. That file calls a malware file located on the same USB drive or other removable device. Both files are hidden, so the owner of an infected device cannot locate and delete them, because the ability to view hidden files is disabled on the infected machine.
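
A defensive check for the USB vector described above, as an added example that is not from the original article: it reads a drive's autorun.inf, lists the entries that launch a command, and reports which files named in those commands sit on the same drive and carry the hidden attribute. The `payload.exe` name and the sample file contents are constructed placeholders, and the hidden-attribute check only has an effect on Windows.

```python
import os
import re
import stat
import tempfile

# autorun.inf keys whose value is a command Windows runs or offers in the Autorun prompt.
EXEC_KEY = re.compile(r"(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Constructed sample; "payload.exe" is a placeholder name, not a real indicator.
SAMPLE_INF = "[autorun]\n; sample\nicon=folder.ico\nopen=payload.exe\nshell\\open\\command=payload.exe /s\n"

def parse_autorun(text):
    """Return (key, command) pairs for launch entries in the [autorun] section."""
    hits, in_section = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        key, sep, value = line.partition("=")
        if in_section and sep and EXEC_KEY.match(key.strip()):
            hits.append((key.strip().lower(), value.strip()))
    return hits

def is_hidden(path):
    attrs = getattr(os.stat(path), "st_file_attributes", 0)  # field exists on Windows only
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def scan_drive(root):
    """Report each launch entry in root's autorun.inf and the files on the drive it names."""
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"), None)
    if name is None:
        return []
    with open(os.path.join(root, name), encoding="latin-1") as fh:  # latin-1 decodes any byte
        entries = parse_autorun(fh.read())
    findings = []
    for key, command in entries:
        # Tokens of the command that name a file on this drive (paths with spaces not handled).
        rels = [t.replace("\\", os.sep) for t in re.split(r'[\s,"]+', command) if t]
        found = [r for r in rels if not os.path.isabs(r) and os.path.isfile(os.path.join(root, r))]
        findings.append({"key": key, "command": command, "targets_on_drive": found,
                         "hidden": [r for r in found if is_hidden(os.path.join(root, r))]})
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:  # stands in for a USB drive root
        with open(os.path.join(drive, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_INF)
        open(os.path.join(drive, "payload.exe"), "w").close()
        print(*scan_drive(drive), sep="\n")
```
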
We tested the Windows XP update (KB 967715), but it didn’t solve the problem as well as Nick Brown’s fix did. Our video shows how Conficker infects a computer by corrupting or adding a malicious autorun.inf file. For the demonstration, an infection was created that launches a virus when a flash drive is plugged in. The malicious file was written to the flash drive and removed from the PC. When the flash drive was plugged in and opened again, the virus spread. As mentioned above, this is one of the ways Conficker spreads.
The file that executes and delivers the virus payload was also written to the flash drive. The flash drive was then removed from the PC. When it was plugged back in, it prompted us. After we clicked OK, the virus was launched.
On March 3, 2009, we ran Windows Update to get all the latest patches. Unfortunately, the update for Windows XP (KB 967715) did not protect us from a USB virus such as Conficker. This testing revealed that even with the update installed, Autorun was not disabled. Autorun launched a prompt that would easily deceive most users. Once the user clicks OK, the virus spreads.
A step-by-step demonstration of how Conficker infects autorun.inf is shown below: