Monday, March 23, 2009

Computer worm set to launch on April 1st

"SECURITY researchers have sent out notice about a worm set to hit the wild on April 1, making the situation no laughing matter. Conficker.C, the latest variant of Conficker.A and Conficker.B–both of which have been shut down by some crafty reverse engineering–isn’t quite as nasty as its predecessors.

What makes this worm particularly nasty is the way it disables everything on a computer designed to fight it. Like HIV in humans, it attacks the computer’s immune systems. It blocks security-related websites, especially from Microsoft. It terminates system security services like Security Center, Windows Defender, Automatic Updates, Background Intelligent Transfer Service, Error Reporting Service and Windows Error Reporting Service. It copies itself into Windows NT, Windows Media Player, Internet Explorer and Movie Maker directories.

Conficker.C resets all system restore points, deletes any saved system restore points, downloads component files using time-based generated URLs, generates 50,000 URLs and reports back to 500 of them. It sets read-only, hidden and system file attributes, generates a file creation/access time-stamp based on kernel32.dll, creates access control entries, and exclusively locks files to restrict access and privileges and to prevent removal."
