Conficker worm exploits MS08-067 - Infections are high with sharp spike in June

Posted Saturday, July 10, 2010 10:14 AM by hwaldron

After two years, I continue to be amazed at the number of Conficker infections that remain. There are no new reported variants; instead, the older ones continue to exist and even thrive due to poor security practices by individuals or even companies.

Microsoft provided the MS08-067 protective patch on October 23, 2008. Then, one month later, the Conficker worm was reverse engineered from the patch. Conficker provided an important "lesson learned" about the need to apply all security updates the day you are prompted to do so.

MS08-067 Conficker - Infections are high with sharp spike in June
http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/InfectionTracking

Password stealers and Conficker top June malware
http://news.cnet.com/8301-1009_3-20009730-83.html

QUOTE: The month also marked a return engagement of Conficker, this time in the form of a variant called Downadup. Following the path of the original Conficker, the new variant jumps on a weakness in Windows Server that allows code to be executed remotely when file sharing is turned on, according to Sunbelt. This strain also takes advantage of weak administrator passwords to disable certain Windows services and anti-malware protection.

"Although Trojans continue to dominate the top 10, June reveals interesting trends such as a fresh wave of Conficker-based detections, suggesting that this troublesome piece of malware is on its way back," Sunbelt Software research center manager Tom Kelchner said in a statement.

To date, security researchers have discovered the following variants of the worm in the wild.

Win32/Conficker.A was reported to Microsoft on November 21, 2008.
Win32/Conficker.B was reported to Microsoft on December 29, 2008.
Win32/Conficker.C was reported to Microsoft on February 20, 2009.
Win32/Conficker.D was reported to Microsoft on March 4, 2009.
Win32/Conficker.E was reported to Microsoft on April 8, 2009.

Conficker - Other Good Links
including a quick visual chart to see if your system is infected
http://www.confickerworkinggroup.org/wiki/
http://en.wikipedia.org/wiki/Conficker
http://www.microsoft.com/security/worms/conficker.aspx

Key protection became available on October 23, 2008
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

Conficker - Cleaning Tips
http://msmvps.com/blogs/harrywaldron/archive/2009/01/27/conficker-cleaning-tips-for-corporate-users.aspx

 
