PandaLabs, Panda Security’s malware analysis and detection laboratory, today
issued an orange alert warning against the malicious Conficker worm, a new
family of computer worm that has already infected thousands of computers
worldwide. PandaLabs has located three variants of this malicious code
(Conficker A, B and C). The first known infections of this worm were seen at
the end of November 2008, although it was after the holiday season when a
dramatic increase in its activity was observed.
This worm propagates by exploiting vulnerability MS08-067 in the Microsoft
Windows Server service and spreads by sending specially crafted Remote
Procedure Calls (RPC) to other machines. Vulnerable machines then download a
copy of the worm and become infected as well. RPC is a protocol that permits
remote code injection to a networked computer, which in this case allows the
worm creator to take control of the infected machines remotely.
The worm also propagates through USB memory devices such as USB drives or MP3
players. Increasing the threat, the worm constantly updates itself, downloading
new versions onto infected machines from different and changing IP addresses,
which makes it difficult to block. At the same time, some variants are designed
to download other malware onto an infected computer. This is an indication that
the worm authors are preparing to carry out a large-scale attack in the near
future using the infected machines.
“The most likely scenario is
that cybercriminals are looking to quickly infect a large number of computers. Once
infected, secondary infections designed for economic gain can be easily
downloaded onto the compromised machines,” said Ryan Sherstobitoff, Chief
Corporate Evangelist for of this type of malware are
Trojans designed to steal online banking passwords, or rogue antimalware
programs that create pop-ups constantly telling the user their computer is
infected. This type of infection makes it almost impossible to use the computer
until users buy and install the appropriate remedy.”
This type of worm is very similar to those seen years ago, such as the ones
responsible for the “Melissa” and “I love you” outbreaks. Like those, Conficker
attempts to infect the maximum number of computers possible. The difference is
that while those worms propagated via floppy disk, this one uses USB devices.
To check if your computer is infected with a variant of Conficker, PandaLabs
recommends:
Administrators check their machines for possible vulnerabilities.
Servers and workstations be patched by following the Microsoft Bulletin related to this vulnerability,
for USB devices
Make sure that all antivirus and security solutions are updated to their latest product version and signature file version.
Panda Security products proactively detect this family of worms, leaving users
protected at all times against this threat. More information can be obtained
from the Panda