Making sense of the latest Conficker update

Several of you have emailed me for information about the latest Conficker update. Consider this post an update to my "no bull" guide to Conficker.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

Q: So, what's happening?

A: On April 8th a new update was made available to machines infected with Conficker variant C. This new update is called Conficker.E by many antivirus vendors.

Q: How does this update come in?

A: As an .exe file (previous Conficker variants were all .dll files), delivered via peer-to-peer (P2P).

Q: What does this new update do?

A: It seems that this update is a scareware package: a fake antispyware tool called Spyware Guard 2008. When triggered, this rogue tool will "discover" that the system is infected with malware and ask the user for a payment to remove it. Of course this is all a scam, and the system remains infected after the paid-for detox.

Detailed removal instructions for Spyware Guard 2008 can be found here.

This update also reintroduces Conficker's ability to exploit the MS08-067 Windows vulnerability (Conficker.C didn't have this feature).

It's also suspected that Conficker.E will corral PCs and put them to work as part of a spambot network.

Q: Anything else interesting about Conficker.E?

A: Well, it is set to delete itself if the date is May 3, 2009 or later. That gives us an idea as to when the next update could be due.

Q: How widespread is Conficker.E?

A: Well, this update is being sent to systems running Conficker.C, which is estimated to have infected a few million systems, so that's a good starting point for how far this might go. Given that this update also leverages MS08-067, it has the potential to spread even further.

Q: Is it time to panic?

A: Yes!!! ... Nah, of course it isn't. Update your PCs, scan your systems and get on with life.

Q: What should I do if I/a client/a colleague/a friend/a family member is still worried?

A: Send them here for a quick and simple test. If that's not enough, send them to the Sunbelt Software or BDTools site so they can scan their systems for Conficker.

Don't Panic! :-)
