Focus on Microsoft Technologies - Tutorials, Articles, Code Samples.

Wednesday, April 01, 2009

What is Conficker Worm

On October 23, 2008, Microsoft released a critical security update, MS08-067, to resolve a vulnerability in the Server service of Windows that, at the time of release, was facing targeted, limited attack. The vulnerability could allow an anonymous attacker to successfully take full control of a vulnerable system through a network-based attack, the sort of vectors typically associated with network "worms." Since the release of MS08-067, the Microsoft Malware Protection Center (MMPC) has identified the following variants of Win32/Conficker:

  • Worm:Win32/Conficker.A: identified by the MMPC on November 21, 2008
  • Worm:Win32/Conficker.B: identified by the MMPC on December 29, 2008
  • Worm:Win32/Conficker.C: identified by the MMPC on February 20, 2009*
  • Worm:Win32/Conficker.D: identified by the MMPC on March 4, 2009**

*Also known as Conficker B++

**Also known as Conficker.C and Downadup.C

Also Read Microsoft Collaborates With Industry to Disrupt Conficker Worm

What Happens on April 1, 2009?

Systems infected with the latest version of Conficker will begin to use a new algorithm to determine what domains to contact. Microsoft has not identified any other actions scheduled to take place on April 1, 2009. It is possible that systems with the latest version of Conficker may be updated with a newer version of Conficker on April 1 by contacting domains on the new domain list. However, these systems could be updated on any date before or after April 1 as well using the "peer-to-peer" updating channel in the latest version of Conficker. more

Post a Comment