Conficker.C Virus

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

chef replied

9 April 2009, 13:18
Originally posted by voodooflux View Post

BBC News: Conficker begins stealthy update

what was foun and it's effects direct from the horses (well Trend Micro's) mouth

http://blog.trendmicro.com/
Leave a comment:
voodooflux replied

9 April 2009, 10:47
BBC News: Conficker begins stealthy update
Leave a comment:
NickFitz replied

25 March 2009, 15:37
Obligatory pedantry: it's a worm, not a virus.
Leave a comment:
voodooflux replied

25 March 2009, 14:05
Originally posted by DaveB View Post

Yup, vulnerability in svchost.exe. If you patched it the last time around you should be safe this time.

And hopefully our anti-virus patterns are now up to date so they pick it up this time - a lot of AV vendors were caught out by the earlier variants.
Leave a comment:
DaveB replied

25 March 2009, 14:02
Originally posted by voodooflux View Post

Does it exploit the same vulnerability as the other variants?

Yup, vulnerability in svchost.exe. If you patched it the last time around you should be safe this time.
Leave a comment:
voodooflux replied

25 March 2009, 14:00
Originally posted by DaveB View Post

That would have been the A or B Varients then.

This is a new version that generates around 50,000 faked URL requests per second to disguise the one it is actually communicating with. Get a few of these on your network and you can bend over and kiss your DNS goodbye in addition to the malware problems you are about to aquire.

Does it exploit the same vulnerability as the other variants?

The network at ClientCo is so slow they probably wouldn't notice the slowdown
Leave a comment:
DaveB replied

25 March 2009, 13:57
Originally posted by voodooflux View Post

We had the joyous task of removing all trace of this from several ClientCo servers a while back.

That would have been the A or B Varients then.

This is a new version that generates around 50,000 faked URL requests per second to disguise the one it is actually communicating with. Get a few of these on your network and you can bend over and kiss your DNS goodbye in addition to the malware problems you are about to aquire.
Leave a comment:
voodooflux replied

25 March 2009, 13:53
Originally posted by DaveB View Post

is heading this way, due to "Go Live" on April 1st. Get your AV up to date and make sure you have this patch installed

All the gory details here.

We had the joyous task of removing all trace of this from several ClientCo servers a while back, and then applying the patch that had somehow become stalled in the IT approval process.
Leave a comment:
DaveB started a topic Conficker.C Virus

25 March 2009, 13:50
Conficker.C Virus

is heading this way, due to "Go Live" on April 1st. Get your AV up to date and make sure you have this patch installed

All the gory details here.
Tags: None