iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Worm Set For April Fools Day Launch
Search:
[ insider_reports_insider ]

Worm Set For April Fools Day Launch



SecurityProNews
Staff Writer
2009-03-19

SecurityProNews: Insider Reports Insider Reports RSS Feed


Security researchers have sent out notice about a worm set to hit the wild on April 1, making the situation no laughing matter. Conficker.C, the latest variant of Conficker.A and Conficker.B-both of which have been shut down by some crafty reverse engineering-isn't quite as nasty as its predecessors, in the same way Lil Kim isn't quite as nasty as 2 Live Crew.

Worm Set For April Fools Day Launch
Worm Set For April Fools Day Launch

If you got that joke, you're getting old.

Researchers at CA (Computer Associates) haven't been successful in shutting down this newest variant, but have looked at the code to discover it is set to launch itself en masse on April Fools Day. But we're guessing it won't be a trick.

What makes this worm particularly nasty is the way it disables everything on a computer designed to fight it. Like HIV in humans, it attacks the computer's immune systems. It blocks security-related websites, especially from Microsoft. It terminates system security services like Security Center, Windows Defender, Automatic Updates, Background Intelligent Transfer Service, Error Reporting Service, and Windows Error Reporting Service. It copies itself into Windows NT, Windows Media Player, Internet Explorer, and Movie Maker directories.

Conficker.C resets all system restore points, deletes any saved system restore points, downloads component files using time-based generated URLs, generates 50,000 URLs and reports back to 500 of them. It sets read only, hidden and system file attributes, generates a file creation/access time-stamp based on "kernel132.dll, creates access control entries, and exclusively locks files to restrict access and privileges and to prevent removal.

Pretty nasty, right?

Other security companies have labeled this same worm Win32/Conficker.D (MS OneCare), W32/Confick-G (Sophos), and Trojan.Win32.Pakes.ngs (Kapersky). If you've got it on your machine the only way you might know is if your computer suddenly accesses one of several popular sites like Ask.com, Baidu, Facebook, Google, Imageshack.us, rapidshare.com, W3.org, or Yahoo. This is how the worm tests for Internet connectivity.

View All Articles by SecurityProNews




About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - 1998-2009 All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds