Do You Know The 4 Ways Of Stopping The Confiker Virus?


CONFICKER’S MO

After the Conficker virus has gained access to a system, it installs itself by copying a number of randomly named dynamic link libraries (DLLs) into the system directory.

Next, Conficker installs a system service in order to execute itself.

Cunningly, it also modifies registry entries in order to hide the service it created.


The next step is for the virus to propagate itself.

It does this by attempting to spread across local networks, brute-forcing usernames and passwords.

Additionally, Conficker attempts to copy itself to any external storage device it finds, such as external hard drives, flash drives and memory cards.

Removal of Conficker can be somewhat tricky because it blocks access to the best-known security websites, such as those of Microsoft, McAfee and Norton, which seriously reduces the effectiveness of anti-virus solutions.

4 WAYS TO STOP THE CONFICKER VIRUS

Here, then, are 4 ways to either stop or hamper the spread of the Conficker virus –

1. Firstly, ensure that you are up to date with all your operating system patches from Microsoft – this virus specifically attacks the latest Microsoft RPC vulnerability (MS08-067).

2. Always, always ensure that you have anti-virus installed and kept totally up-to-date.

3. Control the use of USB and other external devices on your system. Even if you know what to look out for, other family members may not.

4. The domains listed below are known to be used by Conficker to update itself. Block them all with your firewall. If you don’t have a firewall, get one!

MALICIOUS DOMAINS

The Conficker (or Downadup, as it is also known) virus will, at some point, try to contact one or more of the following domains in order to download further (and, presumably, malicious) updates –

btddc.com

d34ft.com

23drf.com

cscs7.com

mgaazz.com

hhgg3.com

trafficconverter.biz

So make sure you block them!

FEEDBACK

Have I missed anything?

Can you offer any more advice on how to stop or avoid the Conficker virus?

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. Anupam Kumar says:

    what are recent updates for Conficker worm

  2. LOL. Too true! 😀

  3. 99.99% of all computer issues are caused by the person sitting between the chair and the keyboard.

  4. Very good point Jeff – people believe the Mac is immune to viruses.

    It isn’t though, it’s just targeted less as Windows is far more widespread.

  5. The idea that Macs never get viruses or specifically can’t, is a myth that mac users love to believe.

    Macs are nothing more than x86 pcs running a custom build of a specialized Linux.

    Yea, regular x86 pc hardware and the software os is just a version of Linux… Deal with it fan boys.

    And you can get viruses. There just are not many viruses for macs because there aren’t enough people using them, and linux is by its nature a fairly secure OS in the first place. (It was written as a secure network ready os from the ground up.) If Mac was the big dog in town, there would be tons of viruses written for mac, and few for windows, but that’s how the cookie crumbled for Apple.

    *Disclaimer – I am neither a Windows, Linux, Mac, or any other OS you can think of fan boy. I use all of them for their strengths, which is why I am aware of all of their weaknesses.

  6. Anupam Kumar says:

    iPolicy Networks is providing detection and prevention from the Conficker worm through its IDS signature. The link below has more details:

    http://ipolicynetworks.com/technology/files/W32.Worm.Conficker.html

  7. What if I think I am already infected w/Conficker? I can’t go to Microsoft or McAfee’s websites?

  8. No – if you have live update it should be an automated process.

  9. Hot Mommas Project says:

    Q: If we have Symantec and live update, do I need to run this (mentioned by Justin?)

    http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

    I am really hesitant to run an executable at the 11th hour here.

  10. Thanks for that link Justin.

  11. http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

    the removal tool – remember you won’t even know you’re infected till it’s too late, run this, it was just released,

    :)

  12. Exactly – most people use Windows, regardless of its merits vs the Mac OS, because it is so entrenched into their lives.

  13. Why do you think that Windows is a virus Joe?

  14. Joe Krahn says:

    > PC is far more superior than mac.
    That is just dumb. The reason is that the CAD software is better because the MS-Windows PC has a larger market.

    MS-Windows has a much better software selection, but OS itself is definitely inferior.

  15. I totally agree with you but it’s a fact that (for whatever reason) the majority of computer users run Windows.

  16. jonathan says:

    I have the program and the steps to destroy it so write to me and I tell u

  17. You can always get a Mac running OSX and you won’t have to worry about problems like that. The way BSD Unix is constructed, viruses cannot spread. So that’s the best option to end these types of “Windows based” problems.

  18. #3 clarification… I have a mouse, external DVD, camera, external hard drive and additional USB port plugged into USB ports. What will that allow or cause to happen???

  19. This virus is using many more domain names nowadays. You may consider using the free http://www.opendns.org as they are blocking such domains. In other words: if you (or the virus) ask OpenDNS for the IP address of some domain, and it has been blocked, then you (or the virus) won’t get it.

    See http://blog.opendns.com/2009/02/09/stats-are-back-and-conficker/

  21. tharry berry says:

    my boyfriend is working in an IT support company in Malaysia.. his company is facing this Conficker virus and he told me they are having a lot of trouble removing it..

    if you can tell me how you did it.. I maybe can update my boyfriend about it…

  22. Ha ha, I understand – mine are just the same!

  23. MadeInHeaven says:

    Point 3 is good as my kids are totally clueless about security.

  24. With computer security you have to be proactive – reactive normally spells trouble for sure.

  25. Indeed, it is surprising how many people ignore these warnings and expect AV or patches to be done for them.

  26. Excellent article, thanks. I had Conficker on my own system and it was difficult to remove.

  27. I was having a few hosting issues and am in the process of moving my sites to different places. When that one moves I will certainly be writing some more.

  28. You should know… it’s a photo of you 😀

  29. P.S. Have you forgotten the ancient Egypt site? I haven’t seen anything new for a couple of weeks.

  30. Cool pic! Where’d you find that one?

  31. Ohhhh it’s a tricky one alright Trev. Glad you got rid of it though :)

  32. That’s a very good point Tom, thanks for adding that.

  33. You’re welcome Kate.

  34. It took me 6 hours to remove this damn Conficker virus from my system :(

  35. Tom Reynolds says:

    You could, and should, block all those malicious domains at the router level too if you are using one.

  36. I just grabbed the patch from the MS site. Thanks.