April Fools’ Day deadline may be diversion for Conficker virus
The good news is that the Conficker virus probably won’t do anything too damaging when a deadline triggers next week. The bad news is that the network of infected machines has taken another step beyond the reach of security researchers.
As we’ve noted before, the virus keeps itself updated through a system which generates random domain addresses to contact for further instructions. Security researchers had largely figured out how the system works and how to predict which addresses it will use, but the system covered 250 different addresses each day. This made it impractical to continue with an initial plan to buy up all the possible names before the virus creators could.
It’s now known that the virus creators issued two updates through this system which have transformed how the infected machines communicate. They are now linked through an enormous peer-to-peer network, meaning each individual computer can now issue instructions to other machines.
The immediate concern is that the updates also instructed the computers to contact 500 different domain addresses a day starting from April 1. To make things even more complicated, these addresses will be picked from a pool of 50,000 possibilities.
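The arithmetic behind the 500-of-50,000 schedule, as an added example that is not from the original article: it computes what share of infected machines would contact at least one name held by researchers on a given day. The uniform, without-replacement sampling model and all function names are assumptions.

```python
# Added example (not from the article): daily sinkhole coverage under the
# 500-of-50,000 schedule. Assumes each infected machine draws its names
# uniformly at random without replacement; that sampling model is an assumption.
POOL = 50_000    # candidate names per day from April 1 (figure from the article)
QUERIED = 500    # names each machine contacts per day (figure from the article)


def miss_probability(sinkholed, pool=POOL, queried=QUERIED):
    """Probability that one machine's daily sample avoids every sinkholed name."""
    if not (0 <= sinkholed <= pool and 0 <= queried <= pool):
        raise ValueError("counts must lie between 0 and the pool size")
    if sinkholed > pool - queried:
        return 0.0  # too few other names left: the sample must overlap
    p = 1.0
    for i in range(sinkholed):
        # i-th sinkholed name falls outside the sample, given the earlier ones did
        p *= (pool - queried - i) / (pool - i)
    return p


def hit_probability(sinkholed, pool=POOL, queried=QUERIED):
    """Probability that one machine contacts at least one sinkholed name in a day."""
    return 1.0 - miss_probability(sinkholed, pool, queried)


def names_needed(target, pool=POOL, queried=QUERIED):
    """Fewest sinkholed names that at least `target` of machines contact per day."""
    if not 0.0 <= target <= 1.0:
        raise ValueError("target must be a fraction between 0 and 1")
    if target >= 1.0:
        return pool - queried + 1  # certainty needs the pigeonhole bound
    miss = 1.0
    for held in range(pool - queried + 1):
        if 1.0 - miss >= target:
            return held
        miss *= (pool - queried - held) / (pool - held)
    return pool - queried + 1


if __name__ == "__main__":
    for held in (1, 10, 69, 500):
        print(f"{held:>4} names held -> {hit_probability(held):.1%} of machines seen per day")
    print("names for 50% daily visibility:", names_needed(0.5))
    print("names for guaranteed contact:  ", names_needed(1.0))
```

Under this model a single held name is contacted by about 1% of machines per day, while guaranteeing that every machine touches a held name takes 49,501 of the 50,000.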
Given the peer-to-peer network, the virus no longer needs to contact addresses in this way in order to survive and grow, making the instructions something of a mystery. It’s possible the April 1 trigger will be an intentional denial-of-service attack designed to bring down Web sites. Most likely, though, it’s simply a show of force designed to make the network appear even more valuable before Conficker’s creators cash in on their work by selling it on.
Of course, whatever damage the virus actually does or will do, it’s still best to get it off your machine. We’ve had word from a reader that the solution offered by BitDefender has worked, so do check out its free removal tool if you think your machine might be infected.
Talking of that article, we do have a correction. Although we stated the firm had found a way to stop the virus blocking an infected computer from contacting a particular domain (which is how Conficker stopped many anti-virus programs from removing it), this isn’t the case. Instead BitDefender simply found a domain which had not been blocked by the virus, a workaround which thankfully seems to have done the trick.

March 31st, 2009
It worked on my PC too. I don’t see the address of the site, so I’ll post it here: bdtools.net so others can disinfect too.
April 1st, 2009
The Conficker Worm
Worried about the Conficker worm striking on April 1st? A few simple steps can protect you.
Target: All users of Windows XP and Windows Vista.
Here is a tool to remove this virus:
http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDwndp.exe
SOURCE:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp_promo_conficker_worm
April 16th, 2009
I used dissinfecttools.com for removing the Conficker infection. The tool there is made by BitDefender.