ReadWriteWeb

It's Alive! Conficker Wakes Up - And Now It Has a Business Model

Written by Frederic Lardinois / April 9, 2009 9:38 AM / 9 Comments

Conficker, the Internet worm that caused a mild panic reminiscent of Y2K late last month, but which failed to do anything spectacular that would have warranted the breathless coverage on 60 Minutes ("The Internet is Infected"), has finally woken up. This morning the worm started to update itself via a peer-to-peer network between infected machines after downloading its payload from a server in South Korea.

It is not clear how many machines were infected with this worm, but estimates range from 9 million to 15 million.

While earlier variations of the Conficker worm prevented infected machines from accessing the servers of most antivirus companies, this new variant also blocks access to sites that offer tools for removing the worm, like BitDefender's bdtools.net.

Oddly, the Conficker worm now also includes an instruction that tells the worm to remove itself on May 3 (the hackers clearly like deadlines), though after that, it will keep a port open on these machines that will allow the hackers to get back into these computers at any time.

The Big Picture: Spyware, Spambots, Pop-Ups

According to both Trend Micro and Symantec, Conficker, after downloading its update, also downloads a variant of the well-known Waledac malware. Waledac is one of the world's most active spambots.

Security researchers are still trying to understand the connection between Waledac and Conficker's new E variant (only a small number of antivirus products can currently detect this version of Waledac, by the way). Some, however, speculate that this connection could mean that Conficker was created by the same group of hackers that created Waledac and its predecessor, the infamous Storm botnet.

Business Model?

According to Kaspersky Labs' Alex Gostev, Waledac will download a rogue antivirus application onto infected machines, as well as an email-worm that can steal data and send spam. The fake antivirus software will ask users to pay $49.95 for "Spyware Protect 2009," which, of course, is anything but an antispyware product.

Protect Yourself (and others)

Of course, if your Windows machine is up to date and you have kept your antivirus software up to date, then chances are very good that you are well protected against Conficker.

If you want to learn more about Conficker and how to protect yourself, have a look at this list of resources we put together last month. If you want to see if you are infected, head over to this site from the University of Bonn.


Comments


  1. Well, it seems like everyone but Twitter has a business model...

     Posted by: Mathieu | April 9, 2009 11:15 AM



  2. Well, it seems like everyone but Twitter has a business model...

    hahahahahahahahaaa

    Posted by: OLL | April 9, 2009 12:28 PM



  3. Thank you

    Posted by: dinleme cihazı | April 10, 2009 5:55 AM



  4. My gf has a User Account (XP, sp3) on my pc, and was running Spyware Doctor yesterday (April 9) when it appeared to end too soon.

    I brought it up and it said "Last Scan 600+ Days Ago." I ran it again. At 66% it began scanning the file "Conficker," which went through tens of thousands of files.

    I tried unsuccessfully to access my ASP (another sign of infection, apparently). I went to Microsoft and downloaded the March 30 malware removal tool. Gf does not have admin privileges, so I logged out, logged in as me and ran the tool.

    Nothing. Ditto AVG. Ditto Spyware Dr.

    I backed up my stuff, noting possibility of infection on the DVDs, and shut down. Today everything is running normally. NO av products caught anything.

    I did a stop dnscache and updated my AVG today and am running it now.

    Any advice, besides "Switch to Linux"?

    Posted by: Thedmo | April 10, 2009 4:42 PM



  5. This video explains how to simply find out if you're infected with Conficker, and then tells you how to patch the issue:
    Conficker Detection and Removal

    Posted by: Jonny | April 14, 2009 12:24 PM



  6. I think Conficker is not a virus but it's an adware.

    http://conficker-virus-worm.blogspot.com/

    Posted by: conficker worm | April 18, 2009 5:25 PM



  7. Conficker can pop up on your computer in various ways, Del Conte added, whether as a pop-up that advertises a way to prevent the worm, or in your e-mail or Facebook account. She advises that, to be safe, you should never click on anything you're not familiar with.

    Posted by: Computer Help | September 16, 2009 3:48 AM



  8. Every computer user, whether you suspect you are infected with Conficker or not, should use a tool to check and remove it from your system. This can be a stealthy bug (depending on which variation you may have) and many infected users have no idea they have it on their systems. Sophos antivirus offers a great Conficker removal tool that will remove all variations - and it's free. Head over there or just Google it. I highly recommend it.

    Posted by: Heath | December 10, 2009 6:22 AM




  9. The writer of the Conficker virus is Mario Fiege, a German in the Philippines. He is working with glavmed.com, stimul-cash.com, rx-promotion.com, spamit.com. He is pretending to be a Russian on the internet while hacking domains, hijacking forums and sending millions of email spam out of malware ghettos like asian.
    He is using proxyway.com

    Posted by: bodo unger | January 7, 2010 9:48 AM


