Downadup/Conficker Worm Disables Computer Security

If you were a hacker or an e-scam artist with malicious intent, would it be valuable to disable a machine's security system? Most of them find it relatively easy to take command and control of unprotected machines, but fully patched and protected machines pose more of a challenge.

Since late last year, hackers have developed a new tool that attacks protected machines, known as the Downadup/Conficker worm. This worm is being called a complex piece of malicious code that is able to jump network hurdles, hide in the shadows and even defend itself against security measures, according to a recent report by Symantec.

Symantec has documented its blog posts on this subject in this report, which are available on its site. It also has a blog post by Ben Nahorney that attempts to put this complex threat into terms that can be understood by the general public.

Just this month, Symantec identified the third version of Downadup/Conficker, which has an even more powerful punch designed to take down computer security systems. This version has been dubbed the W32.Downadup.C variant and is still under analysis. The payload from W32.Downadup.C is set to be triggered on April 1st, and if it is, the damage from it could be huge. SC Magazine aptly summed this up in an article called, "No Joke — Conficker Worm set to explode on April Fool's Day."

Since Downadup/Conficker has the ability to replicate itself — even on USB drives and network shares — by cracking passwords, it can spread like wildfire and wreak havoc on systems.

The report concludes that this is only the beginning of the Downadup/Conficker threat. Reading through the report shows how this malware is evolving and changing to avoid attempts to stop its spread.

It is being reported that Downadup/Conficker has enabled one of the largest botnets to be formed on the Internet because of the number of systems that aren't protected from it. Of course, it appears that once infected, the worm itself might prevent the patches from being downloaded on a machine.


Article Author: Ed Dickson

Having worked around financial crimes for a number of years, I noticed they seemed to be on the rise. One reason for this is technology, which grows more rapidly than laws designed to protect us from it. …


Article comments

  • 1 - James

    Mar 24, 2009 at 2:40 pm

    Hi,

    Good article. Sophos' Conficker removal tool can detect and remove all variants of the worm/virus.

    As long as people run these tools it should stop any serious outbreak.

    James
