Conficker (also known as Downup, Downandup, Conflicker, and Kido) is a computer worm that surfaced November 21, 2008, with Conficker.A and targets the Microsoft Windows operating system.
| Attributes | Values |
|---|
| rdf:type
| |
| rdfs:label
| |
| rdfs:comment
| - Conficker (also known as Downup, Downandup, Conflicker, and Kido) is a computer worm that surfaced November 21, 2008, with Conficker.A and targets the Microsoft Windows operating system.
- Conficker, also known as Downadup or Kido, is a worm that gained a great deal of media attention in early Spring of 2009. In late March of 2009, it was grossly hyped by the media, who said it would deliver some massively destructive payload. While that never happened, it is remarkable for the number of computers it is alleged to have infected.
- Conficker is a Russian-made internets virus designed to go off on April Fools Day, 2009.
- Conficker (aka Downup, Downadup, Downandup and Kido) is a computer worm that surfaced in October 2008 that targets the Microsoft Windows operating system. The worm exploits a known vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.
- Conficker begins infecting a new system by sending code that exploits the MS08-067 vulnerability. The target computer will receive an RPC request containing exploit code that makes use of a buffer overflow vulnerability to download and execute the worm. It will be downloaded from an HTTP server the worm created on the infecting machine as a .jpg file. Conficker creates an http server on a random port of the machine. It connects to the following websites to check its own computer's IP address:
* http;//checkip.dyndns.org
* http;//getmyip.co.uk
* http;//www.getmyip.org
|
| sameAs
| |
| Length
| |
| dcterms:subject
| |
| dbkwik:malware/pro...iPageUsesTemplate
| |
| dbkwik:computersec...iPageUsesTemplate
| |
| dbkwik:wikiality/p...iPageUsesTemplate
| |
| Date
| |
| Origin
| |
| Platform
| |
| Name
| |
| Type
| |
| Aliases
| - * Win32/Conficker.A
* W32.Downadup
* W32/Downadup.A
* Conficker.A
* Net-Worm.Win32.Kido.bt
|
| filetype
| |
| AKA
| - Downadup, CONFLICKER, Kido
|
| Cost
| |
| Creator
| |
| Size
| |
| affectedplatforms
| |
| abstract
| - Conficker (also known as Downup, Downandup, Conflicker, and Kido) is a computer worm that surfaced November 21, 2008, with Conficker.A and targets the Microsoft Windows operating system.
- Conficker, also known as Downadup or Kido, is a worm that gained a great deal of media attention in early Spring of 2009. In late March of 2009, it was grossly hyped by the media, who said it would deliver some massively destructive payload. While that never happened, it is remarkable for the number of computers it is alleged to have infected.
- Conficker begins infecting a new system by sending code that exploits the MS08-067 vulnerability. The target computer will receive an RPC request containing exploit code that makes use of a buffer overflow vulnerability to download and execute the worm. It will be downloaded from an HTTP server the worm created on the infecting machine as a .jpg file. When the worm is executed, it checks if the system uses a Ukrainian keyboard, and will exit if it does not. If it finds a non-Ukrainian keyboard, it copies itself to the system folder as a randomly named .dll file. The worm creates the service named netsvcs. It will then delete any user-created system restore points. The worm creates a registry key to which it adds its path as a value. Conficker creates an http server on a random port of the machine. It connects to the following websites to check its own computer's IP address:
* http;//checkip.dyndns.org
* http;//getmyip.co.uk
* http;//www.getmyip.org It will then send the IP address to a remote computer and use it to set up an HTTP server on a random port (between 1024 and 10000) of the infected computer. When the worm has successfully exploited another computer, the new target computer will download a copy from that server. Every time a new system is successfully infected, The worm increments a value stored in a registry key. It contacts the following sites to get the current time, which it will use to choose a domain to access from a list contained in the worm:
* http;//www.w3.org
* http;//www.ask.com
* http;//www.msn.com
* http;//www.yahoo.com
* http;//www.google.com
* http;//www.baidu.com Based on this number, it will attempt to access one or more of 250 domains to obtain updates of itself or download other files. Conficker will patch the infected system in memory. This is done likely to make sure that another worm does not enter the system and disrupt Conficker's operations. It may block the user from visiting some antivirus websites. SecureWorks created an "eyechart" which uses images from security sites that will be blocked on an infected machine. If the date is past 2008.12.19, it will download the file loadadv.exe from the site http;//trafficconverter.biz/4vir/antispyware/. This file was unavailable shortly after the release of the worm, but some antivirus researchers believe it may have been a rogue anti-spyware program.
- Conficker is a Russian-made internets virus designed to go off on April Fools Day, 2009.
- Conficker (aka Downup, Downadup, Downandup and Kido) is a computer worm that surfaced in October 2008 that targets the Microsoft Windows operating system. The worm exploits a known vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.
|
![[RDF Data]](/fct/images/sw-rdf-blue.png)