Beware: Conficker C!

Taken from http://www.honeynet.org/papers/conficker

Our "Know Your Enemy: Containing Conficker" whitepaper was released on March 30th as a PDF only. You can download the full paper from the link below.

Paper Abstract

The Conficker worm has infected several million computers since it first started spreading in late 2008 but attempts to mitigate Conficker have not yet proved very successful. In this paper we present several potential methods to contain Conficker. The approaches presented take advantage of the way Conficker patches infected systems, which can be used to remotely detect a compromised system. Furthermore, we demonstrate various methods to detect and remove Conficker locally and a potential vaccination tool is presented. Finally, the domainname generation mechanism for all three Conficker variants is discussed in detail and an overview of the potential for upcoming domain collisions in version .C is provided. Tools for all the ideas presented here are freely available for download including source code.

In addition, as a result of this paper and the hard work of Dan Kaminsky, most vulnerability scanning tools (including Nmap) should now have a plugin or signatures that allow you to remotely detect infected Conficker systems on your networks. Finally, we would like to recognize and thank the tremendous help and input of the Conficker Working Group.

Paper last updated March 30th 2009, 23:00 GMT (rev1)
PDF MD5sum = 135ba75c33534327eb2800e98c8077e8 (KYE-Conficker.pdf)

Attachment Size
http://www.honeynet.org/files/KYE-Conficker.pdf 700.04 KB


More information about how it operates and about how you can disinfect your machine can be found at http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/ This site provides info on the different techniques it uses to spread and how to use said techniques against it to detect it on your system and remove it.

 

i remember reading something about that on Yahoo, but they said the program would go out on April 1st. So baically, i had no idea that it was out right now. I was warning people of it, but they didn't believe me.

 

Conficker D was identified by the MMPC on March 4, 2009

http://www.microsoft.com/security/portal/Entry.aspx?name=Worm:Win32/Conficker.d

If you want to protect yourself from the worm download and install this patch..

http://www.microsoft.com/downloads/...6E-9265-44B9-A376-2067B73D6A03&displaylang=en

And a removal tool..

http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

 

It would be so awesome if they redirected some top website to a shock site.

 

Oh yeah! "That's a very interesting question timmy, let me just google the ans... OMG!! TIMMY LOOK AWAY!! LOOK AWAY!!"

 

We can only hope it'll be that harmless.

 

i am not sure i understand. how would your computer get the virus?

 

I don't get it ? What does it do..

 

They don't know...

 

I guess we'll find out tomorrow, for anyone thats taking the chance.

 

http://www.msnbc.msn.com/id/29975229/wid/11915829?GT1=40006

Keep yourself safe.

 

Thank you for posting this...it has only been posted 100 times.
Just 5 posts below for an example.

 

Been on the News, and many articles. Anyways it's better warning others than to see them fade.

 

I saw it on the news this morning, I wonder what will happen today.

 

Well it\s almost the end of april fools for me.
Nothing happened to my computer

 

The best way to stop this infection is either to turn off internet, although this will not fully protect you, but a top quality virus scanner / internet protection program (Kapersky internet security) or just not have a computer, problem solved.

 

http://www.pcworld.com/businesscent...conficker_worm_is_much_ado_about_nothing.html

Well.

 

so its an april fools joke? or has anything happened?

 

hey guys,

I have found Conficker C manual removal guide here: http://www.2-viruses.com/remove-conficker-c

Does anyone know if this such manual removal guide really works?

Thanks.

 

use that