Conficker finally on the move...
Last night, Conficker -- the computer worm that's had every computer user in a tizzy for weeks --
finally began to show signs of life. What exactly it's doing, no one's quite sure.
Here's the scoop: On April 8, Conficker began updating itself via Internet download, a process
which became possible on the April 1 launch date. Before April 8, Conficker had been searching
for updates but hadn't found any such instructions. Now they are finally being delivered.
What's in those instructions, though, remains a bit of a mystery: The downloaded programs are
heavily encrypted, so they can't be analyzed in detail. We do know that, after installation, the
instructions we can see are relatively benign:

They tell the computer to check one of five random websites -- MySpace, eBay, AOL, CNN, and MSN -- in order to verify the
computer has internet access. It then confirms the date and time.

After this, the downloaded software seemingly deletes itself, along with every trace that it had ever been installed (right down
to the registry keys).

That doesn't mean it actually deletes itself, though. Some speculate that the downloaded software installs an as-yet
undetectable rootkit on the machine that leaves the computer open for further compromise.

Curiously, the payload also includes instructions for Conficker to delete itself and stop running on May 3, though
compromises already introduced -- and additional ones that may be downloaded over the next few weeks -- will leave any
infected machine vulnerable to attack.

Research into exactly what's going on -- made difficult by the encryption on the worm -- continues. Stay tuned for more
updates.