Thursday, August 11, 2011

Conflicker -C Worm

Conflicker-C is very dangerous virus.Recently Rail Corp has confirmed that some of its computers are infected by conflicker.
It is also known as Downup, downaup and kido.This virus targets only Microsoft Windows systems. It uses very dangerous strategy to control computers which is infected by it. Basically it uses flaws in windows softwares and connects all pcs
infected by it to a virtual computer. This virtual computere is hosted by the author of this virus. It is designed by using complex malware tecniques which make it very difficult to detect.There are 5 types of conflicker viruses. conflicker A, conflicker B, conflicker C, conflicker D, conflicker E. This worm also has vulnerabilities but authors of conflicker are also updating its newer version as Anti-virus companies. Microsoft on 13 feb 2009  offered $USD250,000 as a reward for any information on the masterminds behind the creation of conflicker.

        Following are some of the symptoms that conflicker infected PCs show.
1.Certain Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows

Defender and Windows Error Reporting are disabled.
2.user accounts are locked out.
3.Websites related to Antivirus are blocked i.e inaccessible.
Conflicker forms a zombi network of computers. Due to conflicker infection your credit card numbers, passwords, bank accounts are at stake.
How conflicker works?




        Important thing is that, this worm mainly targets windows PCs. It spreads itself through buffer overflow configuration. Buffer is the place outside the momory to store temporary data during program execution. Buffer overflow means overflow of temporary memory used as buffer. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. They are thus the basis of many software vulnerabilities and can be maliciously exploited . Conflicker unknowingly requests user to install code. Once it is installed in computer it proceeds to disable several security systems. Some of these include Windows automatic updates, Windows security center, Windows defender, and Windows Error reporting.
         Thousands of computers have been reportedly infected with Conficker. Firstly, Panda Security, which is an antivirus software vendor, reported early that; out of the two million computers in its network, about 115,000 were infected with the virus.
We are giving some of the aliases of conflicker below.
    * Win32/Conficker.A (CA)
    * W32.Downadup (Symantec)
    * W32/Downadup.A (F-Secure)
    * Conficker.A (Panda)
    * Net-Worm.Win32.Kido.bt (Kaspersky)
    * W32/Conficker.worm (McAfee)
    * Win32.Worm.Downadup.Gen (BitDefender)
    * Win32:Confi (avast!)
    * WORM_DOWNAD (Trend Micro)
    * Worm.Downadup (ClamAV)

How to remove it?
     The best way to remove it is keep your anti-virus upto date and scan PC many times.
Dont allow any activity of svchost.exe because conflicker  downloads itself in DLL form and attaches to svchost.exe.You can find it in Task Manager Processes svchost.exe under your user account name.
Disable autorun in removable media.
Microsoft has released  removal guide for the worm.
Image Courtesy: http://confickerc.info/

No comments:

Post a Comment

Dear Reader, if you like My Blog content, feel free to comment on our blog posts.