Conficker finally on the move

Thu Apr 9, 2009 12:35PM EDT

Last night, Conficker -- the computer worm that's had every computer user in a tizzy for weeks -- finally began to show signs of life. What exactly it's doing, no one's quite sure.

Here's the scoop: On April 8, Conficker began updating itself via Internet download, a process which became possible on the April 1 launch date. Before April 8, Conficker had been searching for updates but hadn't found any such instructions. Now they are finally being delivered.

What's in those instructions, though, remains a bit of a mystery: The downloaded programs are heavily encrypted, so they can't be analyzed in detail. We do know that, after installation, the instructions we can see are relatively benign: They tell the computer to check one of five random websites -- MySpace, eBay, AOL, CNN, and MSN -- in order to verify the computer has internet access. It then confirms the date and time.

After this, the downloaded software seemingly deletes itself, along with every trace that it had ever been installed (right down to the registry keys).

That doesn't mean it does delete itself, though. Some speculate that the downloaded software installs an as-yet undetectable rootkit on the machine that leaves the computer open for further compromise. 

Curiously, the payload also includes instructions for Conficker to delete itself and stop running on May 3, though compromises already introduced -- and additional ones that may be downloaded over the next few weeks -- will leave any infected machine vulnerable to attack.

Research into exactly what's going on -- made difficult due to the encryption on the worm -- continues. (Trend Micro has more technical details if you're interested.) Stay tuned for more updates.

Comments on Conficker finally on the move


  • 1 Posted by rockford33usa on Thu Sep 3, 2009 8:47PM EDT

    Enough already, Null. Stop listening to people who wipe their noses on their sleeves when they talk. Bad enough you can't think for yourself and recognize baloney when you hear it. Stop passing on unsubstantiated garbage as facts. Idiot.

  • 2 Posted by anchor122000 on Thu Sep 3, 2009 2:53PM EDT

    Yep, every little kid gets his Radio Shack computer with Winblows. Real computer users avoid it!!! We sleep real good at night not worrying about viruses...few Winblows owners can say that!!

  • 3 Posted by rockford33usa on Thu Sep 3, 2009 8:47PM EDT

    I'm not quite sure how anybody can consider Windows an OS that works... Vista only works at randomly shutting down programs.

  • 4 Posted by kes_is_killa on Thu Sep 3, 2009 4:49PM EDT

    This is a major problem. I wonder who sent the instructions.

  • 5 Posted by theedgenr on Thu Sep 3, 2009 10:04PM EDT

    The reason why this virus is going after Windows is because it gets the biggest bang for the buck. The reason these hackers do not go after other operating systems is that they lack market share and impact. They could very easily go after Linux...
