Sign in with
Sign up | Sign in

Conficker Gets Update, Does ... Something

By - Source: Tom's Hardware US | B 40 comments
Tags :

Conficker has started doing its thing apparently. Its thing has yet to be defined but everyone should panic anyway, okay?

Exactly one week after it was supposed to get its ducks in a line, reports began to trickle in claiming that Conficker had began updating via P2P between infected computers and dropping a mystery payload on infected machines.

According to PCWorld, researchers at Trend Micro reported that infected machines had begun receiving a binary update which tells Conficker to start scanning for other computers that haven't patched the Microsoft vulnerability the virus exploits.

The new update also tells Conficker to contact MySpace.com, MSN.com, Ebay.com, CNN.com and AOL.com apparently to confirm that the infected machine is connected to the Internet, Rik Ferguson of Trend Micro told PCWorld. What’s more Conficker also blocks infected PCs from visiting specific sites. Previous Conficker versions wouldn't let people browse to the website of security companies. This new update is timed to stop running on May 3 although it’s unclear if this deadline will pass as uneventfully as the last.

Trend Micro also notes in a blog post that it does not leave a trace of itself in the host machine. “It runs and deletes all traces, no files, no registries etc,” wrote Ivan Macalintal, an advanced threat researcher.

Conficker has infected millions of computers with the specific number varying, depending on who you ask. The number of infected computers ranges from under 5 million to nearly 15 million machines. You can read all about Conficker in our previous posts, here and here. So what’s the verdict, are you guys starting to panic yet?

(Via PCWorld/Trend Micro)

Display 40 Comments.
This thread is closed for comments
Top Comments
  • 24 Hide
    jhansonxi , April 9, 2009 6:14 PM
    Someone needs to make a Linux and OS X port. Too many people are missing out on the mass panic.
  • 11 Hide
    smartel7070 , April 9, 2009 6:15 PM
    I've sold all my belongings, filled up the tank and am now on my way to the arctic circle.
  • 11 Hide
    frozenlead , April 9, 2009 6:20 PM
    Hello, Joshua. What game would you like to play?


    Thermonuclear War. Duh.
Other Comments
  • 24 Hide
    jhansonxi , April 9, 2009 6:14 PM
    Someone needs to make a Linux and OS X port. Too many people are missing out on the mass panic.
  • 11 Hide
    smartel7070 , April 9, 2009 6:15 PM
    I've sold all my belongings, filled up the tank and am now on my way to the arctic circle.
  • 11 Hide
    frozenlead , April 9, 2009 6:20 PM
    Hello, Joshua. What game would you like to play?


    Thermonuclear War. Duh.
  • -4 Hide
    08nwsula , April 9, 2009 6:24 PM
    will this stop any of my daily internet activities?
    no
  • 6 Hide
    chris13th , April 9, 2009 6:25 PM
    Looks like the bunker will come in handy finally.
  • 10 Hide
    belter , April 9, 2009 6:35 PM
    The joke is on people like us reading these articles at work instead of working.
  • 1 Hide
    sublifer , April 9, 2009 6:42 PM
    Your links to the previous posts are broken.

    Beyond not being able to go to norton and mcafee's (and others) websites, is there any other telltale that a machine is infected?
  • 1 Hide
    tester3000 , April 9, 2009 6:54 PM
    What's the point of a worm not doing anything,, just getting updated. Lame.
  • 5 Hide
    mustwarnothers , April 9, 2009 6:55 PM
    belterThe joke is on people like us reading these articles at work instead of working.


    I believe that means the joke is on our employers.
  • 7 Hide
    solymnar , April 9, 2009 7:04 PM
    It would be quite the ironic moment if the new virus turns out to be installing AVG or a hacked version of norton antivirus etc. and patching it up to date.

    Granted this is unlikely in the extreme but in my own twisted mind it would be hysterical. A virus that infects PCs...and cleans them up.
  • 8 Hide
    tenor77 , April 9, 2009 7:22 PM
    It's secretly forcing us to Fold!!!!
  • 1 Hide
    jhansonxi , April 9, 2009 7:29 PM
    solymnarIt would be quite the ironic moment if the new virus turns out to be installing AVG or a hacked version of norton antivirus etc. and patching it up to date.Granted this is unlikely in the extreme but in my own twisted mind it would be hysterical. A virus that infects PCs...and cleans them up.
    Actually many do fix them to prevent competing malware from invading. Once a malware installs itself as a rootkit it no longer has to worry about existing security programs since it has full control. The security programs just become more defense tools the malware can use.
  • 0 Hide
    wira020 , April 9, 2009 7:30 PM
    That is... a mystery... i wonder why no one got track to the person responsible yet? A high bounty is offered... This might just be some conspiracy theory but could this be a plot to sell antivirus or make us rely more on security updates and upgrades... the virus afterall is described as only to affect computers with old system...
  • 3 Hide
    rigaudio , April 9, 2009 8:00 PM
    I was hoping that Conficker would consist of a fullscreen "APRIL FOOLS", but I was disappointed.
  • 1 Hide
    jsloan , April 9, 2009 8:00 PM
    looks like they maybe doing dos attack, or even looking for something

    i wonder how will these sites will handle several million pcs mindlessly, repeatedly hitting them. it's got to slow them down, cost them. in addition increase overall internet bandwidth utilization.
  • 0 Hide
    theJ , April 9, 2009 8:09 PM
    jsloanlooks like they maybe doing dos attack, or even looking for somethingi wonder how will these sites will handle several million pcs mindlessly, repeatedly hitting them. it's got to slow them down, cost them. in addition increase overall internet bandwidth utilization.


    Sucks if you have Time Warner :) 

    I'm not heading for the basement yet. My linux machine will protect me :) 
  • 0 Hide
    tayb , April 9, 2009 8:27 PM
    So the Norton variant Conficker that they cooked up in the labs doesn't allow you to visit the AVG website? And does nothing else harmful besides making sure you are connected to the internet?

    What a threat. I'm sure Norton will be here shortly to make sure everyone buys some Antivirus. Wouldn't want to not be able to access norton.com.
  • 7 Hide
    NuclearShadow , April 9, 2009 8:37 PM
    I have no fear of this worm and I am on a windows OS. I have no anti-virus installed either. Common sense is all anyone truly needs.
  • -1 Hide
    wayneepalmer , April 9, 2009 9:39 PM
    Why do I bet that this is connected to one or both of the US Power Grid hacks that the government has discovered being set up by both the Russians and the Chinese?

    Say...at an opportune moment, the viruses in all the infected PC's activates, assaults the banking, public, and government record systems and wipes everything (like personal and business accounts, all public records, medical records, court records, property records, etc.) and then crashes the entire electric grid to make recovery virtually impossible. Bye, Bye, US economy and infrastructure.
  • 0 Hide
    Anonymous , April 9, 2009 9:42 PM
    Skynet is here. All Your Base Are Belong to Us. At least we have Christian Bale to strike back at them...
Display more comments