Conficker (Downadup) – How to prevent and remove it
Description:
Conficker, also known as Downadup, is a computer worm that targets the Microsoft Windows operating system. Since its discovery in November 2008, it has infected millions of computers, forming a botnet. The worm exploits the Windows vulnerability “MS08-067”, which was patched more than 10 years ago. Unfortunately, there are still plenty of computers that do not have the patch installed.
Summary:
The worm can deactivate certain services, such as Windows Defender and Windows Update, in order to prevent its detection and removal. It may also plant additional files on your system and prevent you from visiting certain websites. Conficker worms infect PCs across a network by exploiting a vulnerability in a Windows system file. This vulnerability is described and fixed in Security Bulletin MS08-067.
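A read-only triage check for the symptoms described above, written for Windows PowerShell. This is an added example, not part of the original page. The service names (WinDefend, wuauserv) are assumptions, and the hotfix ID is a placeholder to be replaced with the KB number listed in Security Bulletin MS08-067 for the operating system being checked.

```powershell
# Added example: read-only checks, nothing on the host is changed.
# Assumed service names (not given on the page):
#   WinDefend = Windows Defender, wuauserv = Windows Update
$watch = @{ 'WinDefend' = 'Windows Defender'; 'wuauserv' = 'Windows Update' }

# Placeholder: replace with the KB number from Security Bulletin MS08-067.
$HotFixId = 'KB-FROM-MS08-067'

function Get-ServiceFinding {
    param([hashtable]$Services)
    foreach ($name in $Services.Keys) {
        # Win32_Service reports StartMode (Auto/Manual/Disabled) and State (Running/Stopped/...)
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc) {
            $mode = $svc.StartMode; $state = $svc.State
        } else {
            $mode = 'NotInstalled'; $state = 'NotInstalled'
        }
        New-Object PSObject -Property @{
            Check  = $Services[$name]
            Detail = "StartMode=$mode; State=$state"
            # Only a disabled start mode is flagged; a stopped manual-start service can be normal.
            Review = ($mode -eq 'Disabled')
        }
    }
}

function Get-PatchFinding {
    param([string]$Id)
    # Get-HotFix writes a non-terminating error when the ID is not found; suppress it.
    $fix = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    if ($fix) { $detail = "Installed on $($fix.InstalledOn)" }
    else      { $detail = 'Not listed by Get-HotFix' }
    New-Object PSObject -Property @{
        Check  = "Hotfix $Id"
        Detail = $detail
        # Absence can also mean the fix arrived through a later service pack or rollup.
        Review = (-not $fix)
    }
}

$findings = @(Get-ServiceFinding -Services $watch) + @(Get-PatchFinding -Id $HotFixId)
$findings | Select-Object Check, Detail, Review | Format-Table -AutoSize
```

A row with Review set to True is a prompt to look closer, not proof of infection: Windows Defender is also disabled when another anti-virus product is installed.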
Tools to remove Conficker
Recommendations for users:
- install updates as soon as they are released;
- use complex passwords;
- install anti-virus software.
Conficker History
Variant | Spreads by… | Payload |
---|---|---|
Worm:Win32/Conficker.A. Discovered date: 21 November 2008. Payload trigger date: 25 November 2008 | Exploits the vulnerability outlined in Security Bulletin MS08-067 | |
Worm:Win32/Conficker.B. Discovered date: 29 December 2008. Payload trigger date: 1 January 2009 | Same as .A variant, plus: | Same as .A variant (although with a different way of generating URLs), plus: |
Worm:Win32/Conficker.C. Discovered date: 20 February 2009. Payload trigger date: 1 January 2009 | Same as .B variant. | Same as .A and .B variants, plus: |
Worm:Win32/Conficker.D. Discovered date: 4 Mar 2009. Payload trigger date: 1 April 2009 | Spreading functionality removed. Distributed as an update to PCs already infected with the .B and .C variants | Same as .A and .B variants, plus: |
Worm:Win32/Conficker.E. Discovered date: 8 April 2009. Payload trigger date: No date | Spreading functionality added. Same as .A variant, plus: | |