Wednesday, March 25, 2009

Conficker Virus How It Works

Conficker, also known as Kido, is a computer worm that started in October 2008 and targets the Windows operating system.

How it works
The Conficker worm spreads itself primarily through a buffer overflow weakness in the Server Service 0n Windows computers. The worm uses a specially crafted RPC request to execute code 0n the target computer.

When runs on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center.

It receives further instructions by connecting to a server. The instructions it receives may include to propagate, gather personal information and to download and install extra malware onto the victim's computer. The worm also attaches itself to certain Windows processes such as svchost.exe, explorer.exe and services.exe.

The worm seems to implement some of the ideas presented by Fucs, Paes de Barros e Pereira at the Blackhat Briefings Europe 2007, specifically: digitally signed additional payload, use of PRNG for communication and P2P communication.


Related Search
virus removal software
Computer Virus Removal
Remote Virus Scan and Removal
How To Catch A Computer Virus
Facebook profiles targeted by hackers

2 comments:

  1. Hi,

    Good article. Sophos’ Conficker removal tool can detect and remove all variants of the worm/virus.

    As long as people run these tools it should stop any serious outbreak.

    James

    ReplyDelete
  2. if Conficker is designed to go the whole way on this April Fool's angle, then it will strike on some other day besides April Fool's

    ReplyDelete