Conficker: Difference between revisions
+diagram |
Undid revision 265539406 by 12.47.55.101 (talk) notcensored |
||
Line 15: | Line 15: | ||
== Origin of name == |
== Origin of name == |
||
The name is a German hacker pun, meaning "program that manipulates the configuration", consisting of the abbreviation ''con'' for ''configuration'' and the nominalized form of the obscene German verb ''[[wikt:ficken|ficken]]'' , and is a near homophone to the English "configure", especially when said with a German accent.{{Fact|date=Januari 2009}} |
The name is a German hacker pun, meaning "program that manipulates the configuration", consisting of the abbreviation ''con'' for ''configuration'' and the nominalized form of the obscene German verb ''[[wikt:ficken|ficken]]'' ([[fuck]]), and is a near homophone to the English "configure", especially when said with a German accent.{{Fact|date=Januari 2009}} |
||
== Major problems caused by Conficker == |
== Major problems caused by Conficker == |
Revision as of 20:09, 21 January 2009
Conficker (aka Downup, Downadup and Kido) is a computer worm that surfaced in October 2008.[1] The worm exploits a known bug in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.[2] Conficker is mostly found on Windows XP machines. On October 15, 2008 Microsoft released a patch to fix the bug.[3] Heise Online estimated that it had infected 2.5 million PCs by January 15, 2009,[4] while The Guardian estimated 3.5 million infected PCs.[5] By January 16, 2009, an antivirus software vendor reported that Conficker had infected almost 9 million PCs,[6] making it one of the most widespread infections in recent times.[7]
Conficker is reported to be one of the largest botnets created because 30 percent of Windows computers do not have a Microsoft Windows patch released in October 2008.[8]
Macintosh and Linux systems are unaffected, as this virus targets only Microsoft Windows software.
Operation
When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting. It then connects to a server, where it receives further orders to propagate, gather personal information, and download and install additional malware onto the victim's computer.[9] The worm also attaches itself to certain critical Windows processes such as svchost.exe, explorer.exe and services.exe.[10]
Removal tools are available from Microsoft[11] and Symantec.[12] Since the virus can spread via USB drives that trigger AutoRun, disabling the AutoRun feature for external media through modifying the Windows Registry is recommended.[13] While Microsoft has released patches for the later Windows XP Service Packs 2 and 3 and Windows 2000 and Vista, it has not released any patch for Windows XP Service Pack 1 or earlier versions, as the support period for these service packs has expired.
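The following is an added example, not part of the original article: a Python audit that reads saved `reg query` output for the `NoDriveTypeAutoRun` policy value and lists hosts where AutoRun is still enabled for removable drives. The host names and captured output are constructed, and the default mask used when the value is absent is an assumption.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a set bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}
ASSUMED_DEFAULT = 0x91  # assumption: mask in effect when the policy value is unset

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_RE = re.compile(
    r"^\s*NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", re.M)

def parse_policy(reg_output):
    """Return the DWORD found in `reg query` text, or None if the value is absent."""
    match = VALUE_RE.search(reg_output)
    return int(match.group(1), 16) if match else None

def autorun_enabled_types(value):
    """Drive types for which AutoRun is still enabled under this mask."""
    mask = ASSUMED_DEFAULT if value is None else value
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]

def audit(hosts):
    """Map host -> enabled drive types, only where removable media can AutoRun."""
    findings = {}
    for host, text in hosts.items():
        enabled = autorun_enabled_types(parse_policy(text))
        if "removable" in enabled:
            findings[host] = enabled
    return findings

# Constructed sample: `reg query` output collected from three hypothetical hosts.
SAMPLE = {
    "ws-01": KEY + "\n    NoDriveTypeAutoRun    REG_DWORD    0xff\n",
    "ws-02": KEY + "\n    NoDriveTypeAutoRun    REG_DWORD    0x91\n",
    "ws-03": "ERROR: The system was unable to find the specified registry key or value.\n",
}

if __name__ == "__main__":
    for host, enabled in audit(SAMPLE).items():
        print(host, "AutoRun still enabled for:", ", ".join(enabled))
```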
In addition, the worm launches a brute-force dictionary attack against administrator passwords to help it spread through ADMIN$ shares, making choice of sensible passwords advisable.[14]
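A defender can see the password guessing described above as bursts of failed network logons against administrator accounts from a single source. This added example (not from the original article) runs that detection over constructed log lines; the CSV layout, addresses, host names, account list and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON_IDS = {"529", "4625"}  # failed logon: XP/2003 and Vista/2008 event IDs
NETWORK_LOGON = "3"                 # logon type 3 = network (e.g. share access)
ADMIN_NAMES = {"administrator", "admin"}  # assumption: local account naming

def parse(line):
    """Split one 'time,event_id,logon_type,account,source,target' record."""
    ts, event_id, logon_type, account, source, target = line.split(",")
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
    return when, event_id, logon_type, account.lower(), source, target

def find_guessing_sources(lines, threshold=5, window=timedelta(minutes=2)):
    """Return {source: sorted target hosts} for every source that produced at
    least `threshold` failed admin network logons inside one sliding window."""
    per_source = defaultdict(list)
    for line in lines:
        when, event_id, logon_type, account, source, target = parse(line)
        if (event_id in FAILED_LOGON_IDS and logon_type == NETWORK_LOGON
                and account in ADMIN_NAMES):
            per_source[source].append((when, target))
    alerts = {}
    for source, events in per_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[source] = sorted({target for _, target in events})
                break
    return alerts

# Constructed sample records (not real telemetry).
SAMPLE_LOG = [
    "2009-01-20T09:00:01,529,3,Administrator,10.0.0.23,ws-01",
    "2009-01-20T09:00:02,529,3,Administrator,10.0.0.23,ws-01",
    "2009-01-20T09:00:03,529,3,Administrator,10.0.0.23,ws-02",
    "2009-01-20T09:00:04,4625,3,Administrator,10.0.0.23,srv-01",
    "2009-01-20T09:00:05,529,3,admin,10.0.0.23,ws-02",
    "2009-01-20T09:00:06,540,3,Administrator,10.0.0.23,ws-02",  # 540 = success, ignored
    "2009-01-20T09:05:00,529,3,Administrator,10.0.0.40,ws-01",  # single mistyped password
    "2009-01-20T09:20:00,529,2,Administrator,10.0.0.40,ws-01",  # interactive, not network
    "2009-01-20T09:21:00,529,3,jsmith,10.0.0.40,ws-03",         # not an admin account
]
```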
Origin of name
The name is a German hacker pun, meaning "program that manipulates the configuration", consisting of the abbreviation con for configuration and the nominalized form of the obscene German verb ficken (fuck), and is a near homophone to the English "configure", especially when said with a German accent.[citation needed]
Major problems caused by Conficker
- The U.K. Ministry of Defence reported that some of its major systems and desktops are infected. The worm has spread across administrative offices, NavyStar/N* desktops aboard various Royal Navy warships and Royal Navy submarines.[15]
- Various hospitals across the city of Sheffield reported infection of over 800 computers.[16]
References
- ^ "Three million hit by Windows worm". BBC News Online. BBC. 2009-01-16. Retrieved 2009-01-16.
- ^ "Worst virus in years infects 6.5 mn computers". CNN-IBN. 2009-01-18. Retrieved 2009-01-18.
- ^ "Microsoft Security Bulletin MS08-067". 2008-10-23. Retrieved 2009-01-19.
- ^ "Report: 2.5 million PCs infected with Conficker worm". heise online. 2009-01-15. Retrieved 2009-01-16.
- ^ Schofield, Jack (2009-01-15). "Downadup worm threatens Windows". guardian.co.uk. Guardian News and Media. Retrieved 2009-01-16.
- ^ Sean (2009-01-16). "Preemptive Blocklist and More Downadup Numbers". F-Secure. Retrieved 2009-01-16.
- ^ "Downadup virus exposes millions of PCs to hijack". CNN. 2009-01-16. Retrieved 2009-01-18.
- ^ "Three in 10 Windows PCs still vulnerable to Conficker exploit". The Register. 2009-01-19. Retrieved 2009-01-20.
- ^ "Conficker Worm Attack Getting Worse: Here's How to Protect Yourself". PC World. 2009-01-17. Retrieved 2009-01-18.
- ^ "F-Secure Malware Information Pages". F-Secure. Retrieved 2009-01-18.
- ^ http://www.microsoft.com/security/malwareremove/default.mspx
- ^ http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=3
- ^ "Removing and Repairing". Retrieved 2009-01-18.
- ^ "Passwords used by the Conficker worm". Sophos. Retrieved 2009-01-16.
- ^ "MoD networks still malware-plagued after two weeks". The Register. 2009-01-20. Retrieved 2009-01-20.
- ^ "Conficker seizes city's hospital network". The Register. 2009-01-20. Retrieved 2009-01-20.