Do You Know The 4 Ways Of Stopping The Conficker Virus?

by Lee on January 24, 2009

in The Conficker Worm

CONFICKER’S MO

After the Conficker virus has gained access to a system, it installs itself by dropping a number of randomly named dynamic link libraries (DLLs) into the system directory.

Next, Conficker installs a system service in order to execute itself.

Cunningly, it also modifies some registry keys in order to hide the service it created.


The next step is for the virus to propagate itself.

It does this by attempting to spread through local networks, brute-forcing usernames and passwords as it goes.

Additionally, Conficker will attempt to copy itself to any external devices it finds, such as external hard drives, flash drives, memory cards, etc.

Removal of Conficker can be somewhat tricky as it blocks access to the best-known security websites, such as those of Microsoft, McAfee and Norton, which seriously reduces the effectiveness of anti-virus solutions.
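The brute-force spreading described above leaves a trail in logon failure records, and that trail is one of the few early signs a defender gets before the worm has copied itself across the network. The following is an added example and not part of the original post. It assumes (my assumption, not the post's) that authentication failures are available as one constructed line per attempt, in the form "timestamp source-IP target-account FAILURE|SUCCESS"; it flags any source that fails against several distinct accounts in a short window, then checks whether that same source later logged on successfully, which is exactly the foothold the worm is after.

```python
"""Added example (not from the original post): spot the kind of logon
brute-forcing the post describes Conficker using to spread over a LAN.

Assumptions (mine, not the post's): authentication failures are available
as one line per attempt in the form
    <ISO timestamp> <source IP> <target account> <FAILURE|SUCCESS>
The thresholds are illustrative; tune them to your own environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: one host hammering several accounts, and one
# legitimate user who mistyped a password once.
SAMPLE_LOG = """\
2009-01-24T10:00:01 192.168.1.23 administrator FAILURE
2009-01-24T10:00:02 192.168.1.23 administrator FAILURE
2009-01-24T10:00:02 192.168.1.23 admin FAILURE
2009-01-24T10:00:03 192.168.1.23 guest FAILURE
2009-01-24T10:00:03 192.168.1.23 user FAILURE
2009-01-24T10:00:04 192.168.1.23 backup FAILURE
2009-01-24T10:00:05 192.168.1.23 administrator SUCCESS
2009-01-24T10:05:00 192.168.1.40 kate FAILURE
2009-01-24T10:05:10 192.168.1.40 kate SUCCESS
"""

def parse_line(line):
    """Split one constructed log line into (timestamp, src, account, result)."""
    ts, src, account, result = line.split()
    return datetime.fromisoformat(ts), src, account.lower(), result

def find_bruteforcers(log_text, window=timedelta(minutes=2),
                      min_failures=5, min_accounts=3):
    """Return {source_ip: sorted accounts tried} for every source that
    produced at least `min_failures` failures against at least
    `min_accounts` distinct accounts inside any `window`-long span."""
    failures = defaultdict(list)   # src -> [(ts, account), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, account, result = parse_line(line)
        if result == "FAILURE":
            failures[src].append((ts, account))

    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits inside it.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            accounts = {a for _, a in span}
            if len(span) >= min_failures and len(accounts) >= min_accounts:
                # Report every account this source tried, not just the window.
                flagged[src] = sorted({a for _, a in events})
                break
    return flagged

def success_after_spray(log_text, flagged):
    """Sources that were flagged and also logged on successfully: the worst
    case, since a successful logon is how the worm reaches a share."""
    hits = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, _, result = parse_line(line)
        if src in flagged and result == "SUCCESS":
            hits.add(src)
    return sorted(hits)

if __name__ == "__main__":
    flagged = find_bruteforcers(SAMPLE_LOG)
    for src, accounts in flagged.items():
        print(f"{src}: {len(accounts)} accounts tried: {', '.join(accounts)}")
    print("successful logon after spraying:",
          success_after_spray(SAMPLE_LOG, flagged))
```

The window-and-threshold approach is deliberately simple: the worm tries a dictionary of weak passwords against whatever accounts it can enumerate, so many failures across many accounts from one source in seconds is the signature, whereas a single user mistyping once is not. Real Windows event logs carry the same fields in a different layout, so only parse_line() needs changing to run this over them.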

4 WAYS TO STOP THE CONFICKER VIRUS

Here, then, are 4 ways to either stop or hamper the spread of the Conficker virus -

1. Firstly, ensure that you are up to date with all your operating system patches from Microsoft – this virus specifically attacks the latest Microsoft RPC vulnerability (MS08-067).

2. Always, always ensure that you have anti-virus installed and kept totally up to date.

3. Control the use of USB and other external devices on your system. Even if you know what to look out for, other family members may not.

4. The domains listed below are known to be used by Conficker to update itself. Block them all with your firewall. If you don’t have a firewall, get one!

MALICIOUS DOMAINS

The Conficker (or Downadup, as it is also known) virus will, at some point, try to contact one or more of the following domains in order to download further (and, presumably, malicious) updates -

btddc.com

d34ft.com

23drf.com

cscs7.com

mgaazz.com

hhgg3.com

trafficconverter.biz

So make sure you block them!
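Blocking by hand is error-prone, and the value of the list above is as much in spotting an infected machine as in stopping the download: any host that looks one of these names up is already running the worm. The following is an added example, not part of the original post. It takes the seven domains exactly as listed, matches them and any name beneath them (so www.btddc.com is caught as well as btddc.com), emits hosts-file style entries that most firewalls and resolvers will also accept, and runs the same check over a constructed DNS query log in the form "timestamp client-IP queried-name" (the log layout is my assumption). Note, as the comments below point out, later variants used many more generated domains, so treat this list as a starting point rather than a complete one.

```python
"""Added example (not part of the original post): turn the post's list of
Conficker update domains into something you can enforce and audit with.

Assumptions (mine): DNS query logs are available one query per line as
    <ISO timestamp> <client IP> <queried name>
Real resolver logs differ in layout; adjust parse_dns_line() accordingly.
"""

# The domains exactly as listed in the post (January 2009).
CONFICKER_DOMAINS = (
    "btddc.com",
    "d34ft.com",
    "23drf.com",
    "cscs7.com",
    "mgaazz.com",
    "hhgg3.com",
    "trafficconverter.biz",
)

def normalize(name):
    """Lowercase and drop the trailing dot a resolver may log."""
    return name.strip().lower().rstrip(".")

def is_blocked(qname, blocklist=CONFICKER_DOMAINS):
    """True if qname is a listed domain or any label under one. A plain
    substring test would be wrong: 'notbtddc.com' must NOT match."""
    q = normalize(qname)
    return any(q == d or q.endswith("." + d) for d in blocklist)

def hosts_file_entries(blocklist=CONFICKER_DOMAINS):
    """Lines for a hosts file that pin each listed domain to 0.0.0.0,
    a null route; the same list feeds most firewall domain filters."""
    return [f"0.0.0.0 {d}" for d in blocklist]

def parse_dns_line(line):
    """Split one constructed query-log line into (ts, client, qname)."""
    ts, client, qname = line.split()
    return ts, client, normalize(qname)

def find_suspect_queries(log_text, blocklist=CONFICKER_DOMAINS):
    """Return (client, qname) for every query that hits the blocklist.
    A host appearing here is trying to fetch the worm's updates and
    should be treated as infected until proven otherwise."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, client, qname = parse_dns_line(line)
        if is_blocked(qname, blocklist):
            hits.append((client, qname))
    return hits

# Constructed sample log: one infected host, one clean one.
SAMPLE_DNS_LOG = """\
2009-01-24T12:00:00 192.168.1.23 www.microsoft.com.
2009-01-24T12:00:01 192.168.1.23 MGAAZZ.COM.
2009-01-24T12:00:02 192.168.1.23 cdn.trafficconverter.biz
2009-01-24T12:00:03 192.168.1.40 www.example.com
2009-01-24T12:00:04 192.168.1.40 notbtddc.com
"""

if __name__ == "__main__":
    print("\n".join(hosts_file_entries()))
    for client, qname in find_suspect_queries(SAMPLE_DNS_LOG):
        print(f"ALERT {client} looked up {qname}")
```

Pushing the block to the router or resolver, as Tom and Arjan suggest in the comments, covers every machine on the network at once, including ones you cannot patch immediately; the per-machine hosts file is the fallback for laptops that leave the network.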

FEEDBACK

Have I missed anything?

Can you offer any more advice on how to stop or avoid the Conficker virus?

LATEST : Conficker may have just installed a keystroke logger.

NEW : 10 Articles explain everything you need to know about Conficker


    1 Anupam Kumar February 4, 2010 at 5:39 pm

    what are recent updates for Conficker worm


    2 Lee February 5, 2010 at 1:05 am

    Hi Anupam

    My latest post about Conficker was a couple of weeks ago : http://www.security-faqs.com/the-conficker-worm-proved-to-be-the-biggest-problem-in-2009.html

    Let me know if there is any specific information you are after and I’ll try and find it for you…


    3 Karsul April 4, 2009 at 12:07 pm

    99.99% of all computer issues are caused by the person sitting between the chair and the keyboard.


    4 Jeff April 2, 2009 at 7:27 am

    The idea that Macs never get viruses, or specifically can’t, is a myth that Mac users love to believe.

    Macs are nothing more than x86 PCs running a custom build of a specialized Linux.

    Yeah, regular x86 PC hardware, and the software OS is just a version of Linux… Deal with it, fanboys.

    And you can get viruses. There just are not many viruses for Macs because there aren’t enough people using them, and Linux is by its nature a fairly secure OS in the first place. (It was written as a secure, network-ready OS from the ground up.) If Mac was the big dog in town, there would be tons of viruses written for Mac, and few for Windows, but that’s how the cookie crumbled for Apple.

    *Disclaimer – I am neither a Windows, Linux, Mac, or any other OS you can think of fanboy. I use all of them for their strengths, which is why I am aware of all of their weaknesses.

    5 Anupam Kumar April 1, 2009 at 7:27 pm

    iPolicy Networks is providing detection and prevention for the Conficker worm through its IDS signature. The link below has more details:

    http://ipolicynetworks.com/technology/files/W32.Worm.Conficker.html

    6 texmo April 1, 2009 at 4:52 pm

    What if I think I am already infected with Conficker? I can’t go to Microsoft or McAfee’s websites?

    7 Hot Mommas Project April 1, 2009 at 3:13 am

    Q: If we have Symantec and live update, do I need to run this (mentioned by Justin?)

    http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

    I am really hesitant to run an executable at the 11th hour here.


    8 Justin March 31, 2009 at 3:50 pm

    http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-011316-0247-99

    The removal tool. Remember, you won’t even know you’re infected till it’s too late. Run this, it was just released,
    :)

    9 jonathan March 30, 2009 at 3:38 am

    I have the program and the steps to destroy it, so write to me and I’ll tell you.

    10 OS11 March 30, 2009 at 1:07 am

    You can always get a Mac running OS X and you won’t have to worry about problems like that. The way BSD Unix is constructed, viruses cannot spread. So that’s the best option to end these types of “Windows based” problems.

    11 Spud March 26, 2009 at 1:29 pm

    #3 clarification… I have a mouse, external DVD, camera, external hard drive and additional USB port plugged into USB ports. What will that allow or cause to happen???


    12 Arjan March 21, 2009 at 9:01 am

    This virus is using many more domain names nowadays. You may consider using the free http://www.opendns.org as they are blocking such domains. In other words: if you (or the virus) ask OpenDNS for the IP address of some domain, and it has been blocked, then you (or the virus) won’t get it.

    See Stats are back; and we’re blocking Conficker.

    13 Arjan March 21, 2009 at 8:58 am

    This virus is using many more domain names nowadays. You may consider using the free http://www.opendns.org as they are blocking such domains. In other words: if you (or the virus) ask OpenDNS for the IP address of some domain, and it has been blocked, then you (or the virus) won’t get it.

    See http://blog.opendns.com/2009/02/09/stats-are-back-and-conficker/

    14 MadeInHeaven January 27, 2009 at 4:36 pm

    Point 3 is good as my kids are totally clueless about security.


    15 GIweb January 26, 2009 at 8:14 am

    Indeed, it is surprising how many people ignore these warnings and expect AV or patches to be done for them.


    16 Paddy January 25, 2009 at 2:07 pm

    Excellent article, thanks. I had Conficker on my own system and it was difficult to remove.

    17 Col January 24, 2009 at 9:01 pm

    P.S. Have you forgotten the ancient Egypt site? I haven’t seen anything new for a couple of weeks.

    18 Col January 24, 2009 at 9:00 pm

    Cool pic! Where’d you find that one?


    19 Trev January 24, 2009 at 6:36 pm

    It took me 6 hours to remove this damn Conficker virus from my system :(

    20 Tom Reynolds January 24, 2009 at 5:59 pm

    You could, and should, block all those malicious domains at the router level too if you are using one.


    21 Kate January 24, 2009 at 5:34 pm

    I just grabbed the patch from the MS site. Thanks.


    22 Lee January 24, 2009 at 6:44 pm

    You’re welcome Kate.


    23 Lee January 24, 2009 at 6:45 pm

    That’s a very good point Tom, thanks for adding that.


    24 Lee January 24, 2009 at 6:45 pm

    Ohhhh it’s a tricky one alright Trev. Glad you got rid of it though :)


    25 tharry berry March 2, 2009 at 4:43 pm

    My boyfriend is working in an IT support company in Malaysia. His company is facing this Conficker virus and he told me they are having a lot of trouble removing it.

    If you can tell me how you did it, I may be able to update my boyfriend about it…

    26 Lee January 24, 2009 at 10:01 pm

    You should know… it’s a photo of you :D


    27 Lee January 24, 2009 at 10:02 pm

    I was having a few hosting issues and am in the process of moving my sites to different places. When that one moves I will certainly be writing some more.


    28 Lee January 25, 2009 at 7:37 pm

    I’m glad you got rid of it in the end Paddy :)


    29 Lee January 26, 2009 at 12:19 pm

    With computer security you have to be proactive – reactive normally spells trouble for sure.


    30 Lee January 28, 2009 at 1:10 am

    Ha ha, I understand – mine are just the same!


    31 Lee March 22, 2009 at 7:54 pm

    That’s good to hear :)


    32 Lee March 30, 2009 at 10:03 am

    I totally agree with you but it’s a fact that (for whatever reason) the majority of computer users run Windows.


    33 Rotten.Apples March 30, 2009 at 9:08 pm

    Why don’t we ask why the majority of Architects used AutoCAD instead of MicroStation… the reason is clear; PC is far more superior than mac.


    34 Joe Krahn March 30, 2009 at 11:32 pm

    It’s because Microsoft Windows IS a virus, spread by social engineering.


    35 Joe Krahn March 30, 2009 at 11:31 pm

    > PC is far more superior than mac.
    That is just dumb. The reason is that the CAD software is better because the MS-Windows PC has a larger market.

    MS-Windows has a much better software selection, but OS itself is definitely inferior.


    36 Lee March 31, 2009 at 10:47 am

    Exactly – most people use Windows, regardless of its merits vs the Mac OS, because it is so entrenched in their lives.

    37 Lee March 31, 2009 at 10:46 am

    Why do you think that Windows is a virus Joe?


    38 Lee April 1, 2009 at 12:33 am

    Thanks for that link Justin.


    39 Lee April 1, 2009 at 9:25 am

    No – if you have live update it should be an automated process.


    40 Lee April 2, 2009 at 12:59 am

    That is a sign that you may well be infected. Do you have McAfee installed and up-to-date at the moment?


    41 Lee April 2, 2009 at 10:04 am

    Very good point Jeff – people believe the Mac is immune to viruses.

    It isn’t though, it’s just targeted less as Windows is far more widespread.


    42 Lee April 4, 2009 at 11:56 pm

    LOL. Too true! :D
