Conficker: What is it? How to prevent and clean it.
What is it?: Conficker is a virus that has been spreading for about 2 months, infecting an estimated 15-20 million computers worldwide. Systems running Windows 2000, Server 2000, Windows XP (all variations), Vista (all variations), Server 2003, Server 2008 and even Windows 7 are susceptible. The details of exactly what the virus does are a bit sketchy because of the way the virus is built. At this time it appears that the virus lies dormant on the computer, waiting to download the remainder of its payload code on April 1st.

Right now it is presumed that the worm spreads itself through the RPC service and through HTTP, network shares, USB and removable media, and even FTP. The worm can modify the open-port exceptions in Windows Firewall and can stop svchost.exe, services.exe, and explorer.exe. It has a built-in P2P application so that infected machines can exchange code among themselves and with web servers and coordinate with each other. This is where the fear of fast-changing polymorphic code comes from, as well as the ability of the virus to use host computers in a zombie-like fashion to attack other computers or servers.
Symptoms of the virus are expected to include, and in several cases have been confirmed to include:
- Services disabling on their own. Namely Windows Defender, BITS, Windows Firewall, and some third-party antivirus services such as LiveUpdate.
- A massive increase in network traffic. Up to a 10-15% increase in total network traffic is expected on infected networks. This is due to attacks on shares and accounts, as well as the spreading of the virus and its payload.
- Account lockouts being reset. If the virus is on a DC it will dictionary-attack the admin account and admin shares; if the account locks out, it will automatically reset the lockout.
- Lastly, some or all AV websites, security websites, and Windows Update sites are inaccessible. They reply to ping and answer telnet on port 80, but they cannot be reached from any browser. This appears to be done through a virtual proxy system.
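The symptoms above are easy to check for on a single host. The script below is an added example written for this post and is not part of the original article or any vendor tool: it tests whether the named security services are running, whether account lockouts and unlocks are piling up in the Security log (useful on a DC), and whether a handful of update sites show the "ping and port 80 answer, but HTTP fails" pattern. The service names (WinDefend, BITS, MpsSvc, SharedAccess, wuauserv, wscsvc), the event IDs 4740/4767 (Vista/Server 2008 and later) and the sample hostnames are assumptions based on standard Windows names, not values taken from the post.

```powershell
# Added triage example for the symptoms listed above (not from the original post).
# Assumptions: standard Windows service names; Security-log event IDs 4740 (lockout)
# and 4767 (unlock) exist on Vista/Server 2008 and later; sample hostnames are
# illustrative only. Run from an elevated PowerShell prompt.

$ServicesToCheck = @('WinDefend', 'BITS', 'MpsSvc', 'SharedAccess', 'wuauserv', 'wscsvc')
$SitesToCheck    = @('www.microsoft.com', 'update.microsoft.com', 'windowsupdate.microsoft.com')

# Symptom 1: security services stopped or disabled on their own.
function Test-SecurityServices {
    foreach ($name in $ServicesToCheck) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) { continue }   # service does not exist on this Windows version
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        [pscustomobject]@{
            Service    = $name
            Status     = $svc.Status
            StartMode  = $wmi.StartMode
            Suspicious = ($svc.Status -ne 'Running' -or $wmi.StartMode -eq 'Disabled')
        }
    }
}

# Symptom 3: lockouts that are quickly undone. Counts lockout/unlock events per account
# in the last N hours; a large, roughly equal number of each is worth a closer look.
function Get-LockoutActivity {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4740, 4767; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return }
    $events |
        Group-Object -Property Id |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count
}

# Symptom 4: site answers ping and port 80 but an HTTP request does not complete.
function Test-SecuritySite {
    param([string]$HostName)
    $ping = Test-Connection -ComputerName $HostName -Count 1 -Quiet -ErrorAction SilentlyContinue
    $tcp  = $false
    try {
        $client = New-Object System.Net.Sockets.TcpClient
        $client.Connect($HostName, 80)
        $tcp = $client.Connected
        $client.Close()
    } catch { }
    $http = $false
    try {
        $req = [System.Net.WebRequest]::Create("http://$HostName/")
        $req.Timeout = 5000
        $resp = $req.GetResponse()
        $http = $true
        $resp.Close()
    } catch { }
    [pscustomobject]@{
        Host           = $HostName
        Ping           = $ping
        Tcp80          = $tcp
        Http           = $http
        MatchesSymptom = ($ping -and $tcp -and -not $http)   # the pattern the post describes
    }
}

"== Security services =="
Test-SecurityServices | Format-Table -AutoSize

"== Lockout / unlock events (last 24h) =="
Get-LockoutActivity | Format-Table -AutoSize

"== Update / AV site reachability =="
$SitesToCheck | ForEach-Object { Test-SecuritySite -HostName $_ } | Format-Table -AutoSize
```

Any row with `Suspicious` or `MatchesSymptom` set to True is not proof of infection on its own, but two or more of these symptoms together on one host, especially a stopped firewall or Defender service that was not changed by an administrator, is a strong signal to isolate the machine from the network and run a scan from known-good media.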