Making sense of the latest Conficker update

Several of you have emailed me for information about the latest Conficker update. Consider this post an update to my "no bull" guide to Conficker.

Q: So, what's happening?

A: On April 8th a new update was made available to machines infected with Conficker variant C. This new update is called Conficker.E by many antivirus vendors.

Q: How does this update come in?

A: As an .exe file (previous Conficker variants were all .dll files) via peer-to-peer (P2P).

Q: What does this new update do?

A: It seems that this update is a scareware package. It consists of a fake antispyware tool called Spyware Guard 2008. This rogue antispyware tool will, when triggered, "discover" that the system is infected with malware and ask the user for a payment to remove it. Of course this is all a scam and the system remains infected after the paid-for detox.

Detailed removal instructions for Spyware Guard 2008 can be found here.

This update also reintroduces Conficker's ability to exploit the MS08-067 Windows vulnerability (Conficker.C didn't have this feature).

It's also suspected that Conficker.E will corral PCs and put them to work as part of a spambot network.

Q: Anything else interesting about Conficker.E?

A: Well, it is set to delete itself if the date is May 3, 2009 or later. Gives us an idea as to when the next update could be due.

Q: How widespread is Conficker.E?

A: Well, this update is being sent to systems running Conficker.C, which is estimated to have infected a few million systems, so that's a good starting point for how far this might go. Given that this update also leverages MS08-067, it has the potential to spread even further.

Q: Is it time to panic?

A: Yes!!! ... Nah, of course it isn't. Update your PCs, scan your systems and get on with life.

Q: What should I do if I/a client/a colleague/a friend/a family member is still worried?

A: Send them here for a quick and simple test. If that's not enough, send them to the Sunbelt Software or BDTools site so they can scan their systems for Conficker.

Don't Panic! :-)


Talkback

13 comments
  • Be Vigilant

    Since it is apparent that Conficker is a 'rootkit' there is all the more reason to scan your system(s) using a tool which reads your Windows partitions in an 'off-line' manner.

    I describe such a tool here:

    http://www.dtschmitz.com/dts/2009/04/a-must-have-security-tool-bitdefender-rescue-cd-for-unicies.html

    Also, admins can scan subnets collectively in a single pass, readily detect which machines have been infected with Nmap, isolate infected PCs and fix. Here are the details about Nmap:

    http://www.dtschmitz.com/dts/2009/03/scanning-for-conficker-with-nmap.html

    Be safe.

    Dietrich T. Schmitz
    http://www.dtschmitz.com
    no_zd_user_name
    • Thanks for sharing that advice ...

      ... good medicine.
      Adrian Kingsley-Hughes
  • RE: Making sense of the latest Conficker update

    Conficker E Now?

    Just like CNN: "Terrorist Terrorist Terrorist"

    Put the scare in Everybody on Computers Now!

    Microsoft is at fault as much as the creator of the Conficker Worm.

    If Microsoft wanted to control the worm from spreading in the first place, why didn't they support the critical updates for the pirate versions?

    Windows Genuine Advantage caused a lot of pirate users to disable the Windows update, which helped spread the Conficker worm in the first place.

    I don't support any pirate users out there; however,
    any OS system that has critical issues every 2 weeks or less tells me there's trouble.

    No OS system is safe anymore on the Internet.
    Hellgate666666
    • They do.....

      allow for critical updates. An update is no good if it isn't installed though.
      Erroneous
    • They absolutely do, it is just that

      They absolutely do, it is just that when you have 1.1 billion users, even if only 5% of them decide to be "smart" and disable automatic updates, there will be more than 50 million vulnerable PCs.

      Which goes a long way in explaining why Windows is such a sought-after target. If 5% of Windows users are "smart" and disable automatic updates, there are more unpatched Windows systems out there than there are Macs total. This is why you see most of these viruses/worms only appear after a patch has already been released. Not sure how anyone can blame MS for this, unless MS was the only one releasing patches. Which they aren't, not by a long shot. The problem lies with the "smart" users.
      Qbt
    • Umm?

      "Microsoft is at fault as much as the creator of the Conficker Worm."

      "If Microsoft wanted to control the worm from spreading in the first place, why didn't they support the critical updates for the pirate versions?"

      Really? If only the pirated version is unpatched, because they turn it off, then why would Microsoft care if your pirated OS is infected or not? The biggest problem with this argument is that Microsoft IS actually nice enough to patch the pirated versions usually, which only helps to encourage them to do it again.

      I say they should be on their own. I paid for mine, they should pay for theirs or suffer the consequences.

      As long as you keep your OS up to date, then even if every pirated PC out there was infected, it won't really affect the legit users. But pirated or not, you will always have users that refuse to apply patches and allow their systems to become a part of a botnet.

      So what side are you on? Standing up for the pirates, are you?
      ShadowGIATL
      • re: ....

        "...they should pay for theirs or suffer the consequences."

        But when 'they' 'consequences' indirectly affects everyone, then 'they Microsoft' have a problem.

        ^o^
        n0neXn0ne
        • If we continue to sue...

          every company because people misuse their products, then what will we have left? No one will want to go into business at all in the US if they have to spend all their time defending themselves because someone misused a product in a way it was never intended. Oh wait, that is already happening.

          If you think that companies should be held responsible and the criminals left alone, then you need to be slapped around until you gain some common sense.

          If someone takes a kitchen knife and stabs their neighbor, does that make it the knife maker's fault? No. Plain and simple.

          Saying that it's Microsoft's fault that people misuse their OS is a double standard and this kind of "it's not the criminal's fault, they are really the victim" mentality has to stop.

          The world economy is going down the drain because people appear to be getting dumber by the minute. People complain that everything is getting cheaper made, yet cost of living is going up. All our crap is made in China, and none of it works. And then those same people make excuses and point their fingers at everyone but the ones really to blame.

          Give it up. The only people buying this load of crap are the brainwashed left. Meanwhile the right has their own agenda, and the few normal thinking people left in the middle are left to suffer, because only they truly realize how bad it really is.

          Just stop it already. Stop making excuses for people doing bad things. Stop blaming large corporations for end user mistakes. There are plenty of legitimate things to blame them for, I assure you.
          ShadowGIATL
          • Liability

            "If someone takes a kitchen knife and stabs their neighbor, does that make it the knife maker's fault?"

            Actually, it does. You see the ability to use that knife for a purpose [criminal or not] other than that for which it was designed and intended is a foreseeable security vulnerability. The knife manufacturer should have released a patch in the form of a large blunt hunk of oak that comes with instructions to epoxy it to the tip to prevent such future attacks. Personally, I use Symantec AntiUtensil in my office kitchen and at home I use the iKnife so it's not affected.
            Lunatic59
          • The way I read this:

            > Personally, I use Symantec AntiUtensil in my office kitchen
            > and at home I use the iKnife so it's not affected.

            You are saying:

            "Personally, I use Symantec AntiVirus in my office kitchen and at home I use the iMac so it's not affected."
            Grayson Peddie
          • Personally...

            I read it as pure sarcasm. I notice no one had a serious reason why it's the knife maker's fault.

            Microsoft might not be an angel, but I doubt they created their OS with the intention that hackers and rogue companies would try to use it as a vassal for malware. Nor did they have much reason in the beginning to think they would need to predict the future to prevent such events.

            People need to stop blaming the wrong people, or they will end up having to deal with the monster they created.
            ShadowGIATL
          • I prefer...

            AVG's free Anti-Knife. It's free, and auto updates regularly to prevent new ways of using kitchen objects.
            ShadowGIATL
  • RE: Making sense of the latest Conficker update

    Probably some of the best advice about this overhyped conficker fiasco:

    "Nah, of course it isn't. Update your PCs, scan your systems and get on with life."

    It really is that simple! If only more people would do that instead of trying to trump this into some big thing when it's not.
    Loverock Davidson