NetWorm.Win32.Conficker

General explanation

Type: Worm

Degree of destruction: high

Prevalence: high

Names of the malware:

  • NetWorm.Win32.Conficker
  • NetWorm.Win32.Kido
  • Net-Worm.Conficker
  • Trojan.Win32.Conficker

Used vulnerability: MS08-067

What is the Worm?

Computer worms such as Conficker are a type of malware capable of self-replication. To persist, a worm establishes a way to restart the infection at every system boot. The distinguishing feature of worms is their propagation method, which is generally through removable drives and shared directories on the network.

What is Conficker malware?

This worm disables several important Windows services and spreads itself through the network by exploiting the MS08-067 vulnerability, which lets an attacker execute malicious code remotely. It also places copies of itself in shared directories so that it is carried to every other system on the network.

Technical explanation

Signs of infection

Generally, Conficker creates a file with a random name and a .dll extension in one of the following paths and copies itself into it:

  • [SystemRoot]:\windows\system32
  • [SystemRoot]:\ProgramFiles\internet explorer
  • [SystemRoot]:\ProgramFiles\movie maker
  • [SystemRoot]:\Documents and Settings\[User]\Application data
  • [SystemRoot]:\Documents and Settings\LocalService\Local Settings\Temp

Conficker registers itself for persistence under the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The file's creation, last-access and last-modified timestamps are set to match those of kernel32.dll, so that it cannot be located by date and time and appears to be an ordinary system DLL. It also copies itself to removable drives.
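The two traits above (a DLL whose three timestamps are cloned from kernel32.dll, and an entry under the HKCU Run key) can be checked directly. The following PowerShell script is an added triage example, not Padvish's tool or code from this advisory; the directory list adapts the advisory's XP-era paths to current Windows environment variables (an assumption), and a match is only a lead to verify, since legitimate DLLs installed in the same update can share kernel32.dll's write time.

```powershell
# Added example (not from the advisory): list DLLs in the advisory's directories
# whose creation, last-write and last-access times all equal kernel32.dll's,
# then show what is registered under the HKCU Run key. Run from an elevated shell.
$ref = Get-Item "$env:SystemRoot\System32\kernel32.dll"

# Advisory paths mapped to environment variables of current Windows (assumption).
$dirs = @(
    "$env:SystemRoot\System32",
    "$env:ProgramFiles\Internet Explorer",
    "$env:ProgramFiles\Movie Maker",
    "$env:APPDATA",
    "$env:SystemRoot\ServiceProfiles\LocalService\AppData\Local\Temp"
) | Where-Object { Test-Path $_ }

$suspects = foreach ($d in $dirs) {
    Get-ChildItem -Path $d -Filter *.dll -File -ErrorAction SilentlyContinue |
        Where-Object {
            $_.FullName -ne $ref.FullName -and
            $_.CreationTime   -eq $ref.CreationTime -and
            $_.LastWriteTime  -eq $ref.LastWriteTime -and
            $_.LastAccessTime -eq $ref.LastAccessTime
        }
}

# Timestamp agreement alone is weak evidence in System32; an invalid or missing
# Authenticode signature narrows the list to files worth submitting for analysis.
"== DLLs with timestamps cloned from kernel32.dll =="
foreach ($f in $suspects) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    "{0,-12} {1}" -f $sig.Status, $f.FullName
}

# Persistence location named in the advisory. Review every value; the script
# cannot know which entries are legitimate, so it prints them for a human.
"== HKCU Run entries =="
$runKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run"
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $_.Name -notlike "PS*" } |
        ForEach-Object { "{0,-25} {1}" -f $_.Name, $_.Value }
}
```

Entries in the Run list that launch rundll32 with a DLL from one of the directories above, or any DLL reported with a signature status other than Valid, are the items to isolate and submit to the antivirus vendor.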

How to deal with it and disinfect the system

Padvish's UMP capability, part of its behavioral protection, prevents the system from being infected via removable drives, and the Padvish Anti-virus firewall blocks this malware's network attacks. To prevent infection by Conficker and other malware carried on removable drives, it is therefore recommended to install Padvish so that such malware is stopped before it enters the system.

If your system is infected by Conficker malware, act as follows:

  1. Install Padvish on your system
  2. Scan your system completely
  3. Connect the infected portable drive
  4. Scan the portable drive by Padvish to disinfect both the portable drive and the system
  5. Install the Microsoft security patch MS08-067

Also as a temporary solution, you can download the Conficker cleaner from the Padvish site and disinfect the system.
