SIRv12: The obstinacy of Conficker

Conficker is one of the most significant threat families facing organizations worldwide today; its initial impact along with its continued obstinacy shows that clearly. In the fourth quarter of 2011 – three years after its initial release – it attempted to infect just over 1.7 million computers. Conficker’s persistence is illustrated not only by the…

Win32/Conficker Variants Update

There have been new developments in the Conficker arena within the past couple of days.  We would like to inform those who are concerned that the MMPC is working to make sure you have the information you need, first to be protected from any threat; and second, to provide you with a full understanding of…

Cashing in on Conficker’s Bad Name

Over the last couple of days we’ve seen some spam claiming to be from Microsoft, providing a free scan to remove Conficker. Here’s an example: The link actually takes you to a typical fake online scanner page used to serve up a rogue security scanner: In this case the page tries to get you to…

Birthday Problem and Conficker

Hide behind huge numbers, making fighting against very expensive. The birthday problem, or paradox, is the probability that, from a given set of people, two of them will have the same birthday. It is a paradox because the result defies common sense. For a group of 23 people, the chance that two of them share the…

A Few Quiet Days… and a New Exploit of MS08-067 Has Been Identified

April 1st is behind us and nothing really happened with Conficker. But it is never boring in the antimalware world. We have found a new exploit of MS08-067 other than Conficker. We also discovered that we already detected and protected users against this new malware.  We added information about mitigations against this malware at the…

Information about Worm:Win32/Conficker.D

Over the past several months, Microsoft has received reports on 4 different variants of the Conficker worm, the latest being Worm:Win32/Conficker.D (also known as Downadup.C, and the subject of a number of recent press articles labeling this variant as Conficker.C; see Win32/Conficker for a chart distinguishing the variants).  In response to the previous variants of…

Updated Conficker Functionality

We’ve been getting questions from some of our customers about a new sample of Win32/Conficker, dubbed by some as Conficker.B++. We’re aware of this sample and our definitions already detect this sample as Worm:Win32/Conficker.B, but given the new functionality described in this blog post, we’re updating our definitions as of 1.51.856.0 to distinguish it as…

Centralized Information About The Conficker Worm

Since the time Microsoft released security update MS08-067, we have released information about MS08-067 exploits and specifically about the Conficker worm in our malware encyclopedia and in multiple blog posts, for example here. This blog provides a summary of the available information Microsoft has provided on the Conficker worm and the vulnerability it exploits, which Microsoft…

MSRT Released Today Addressing Conficker and Banload

Back on Oct. 23, 2008, Microsoft released a critical security update for Windows: MS08-067. Isolated attacks existed at the time of the bulletin release and in our blog we strongly recommended installing the security update as quickly as possible. Later, a few trojans that exploit this vulnerability were found and a month from the release…

Just in time for New Year’s….

Hello again from Melbourne! We’ve seen another resurgence of Worm:Win32/Conficker, this time as Worm:Win32/Conficker.B. We’ve already received a number of reports of this new variant from the wild from affected users. Not surprisingly, a majority of the new infections we’re seeing are on machines that are yet to install the MS08-067 update (see our…
