How does Conficker infect your computer?

2015/02/03

Conficker, also known as Downup, Downadup or Kido, is a computer worm. Once it infects your computer, it can automatically propagate across the network to other computers without the need for human intervention.

It targets the Microsoft Windows operating system and was first detected in November 2008. The worm exploits a known vulnerability in the Server service of Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 Beta and Windows 7 Beta, among other versions of the operating system. Although Windows 7 was affected, the Windows 7 Beta was not publicly available until January 2009. Microsoft released an emergency patch for the vulnerability on October 23, 2008, but as late as January 2009 a large number of Windows PCs (estimated at up to 30%) had still not installed it. The second variant of Conficker was discovered in December 2008; this variant can spread across LANs through removable media and network shares. Researchers believe this was a decisive factor in the rapid spread of the virus. Five variants are widespread, Conficker A, B, C, D and E, discovered between January 2008 and April 2009. Linux and Mac operating systems are not affected by this virus.

 

How does Conficker do it?

Conficker mainly attacks by exploiting the Microsoft vulnerability MS08-067, and it can also infect through any hardware with a USB interface. When Conficker enters a system, it first corrupts the system's default settings. The computer then automatically searches the LAN for other vulnerable machines; once it finds a vulnerable system, it triggers the vulnerability, creates a connection to the affected system and finally infects it remotely. The vulnerability it uses is a buffer overflow in the Windows Server service, which lets a specially crafted RPC request execute code on the target computer.

Once it is running on a computer, it disables some system services, such as Windows Update, Windows Security Center, Windows Defender and Windows Error Reporting. It then connects to a server to receive instructions for the next stage of propagation, to collect personal information, and to download and install additional malware onto the victim's computer. In addition, it attaches itself to active Windows processes such as svchost.exe, explorer.exe and services.exe.
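The service-disabling behaviour described above can be used as a triage signal across a fleet. The following is an added example, not part of the original article: it assumes a CSV export of per-host service state (the column layout, host names and sample rows are constructed), and the mapping from the product names in the text to Windows service short names is supplied here. Several of these services disabled at once is a reason to inspect a host, not proof of infection.

```python
import csv
import io
from collections import defaultdict

# Short names of the services the article says the worm disables.
# This mapping is an addition for the example, not taken from the page.
WATCHED = {
    "wuauserv": "Windows Update",
    "wscsvc": "Windows Security Center",
    "windefend": "Windows Defender",
    "wersvc": "Windows Error Reporting",
    "ersvc": "Windows Error Reporting (XP/2003)",
}

# Constructed sample inventory (assumed export format: one row per service).
SAMPLE_CSV = """\
host,service,start_mode,state
PC-01,wuauserv,Auto,Running
PC-01,WerSvc,Manual,Stopped
PC-02,wuauserv,Disabled,Stopped
PC-02,wscsvc,Disabled,Stopped
PC-02,WinDefend,Disabled,Stopped
PC-02,WerSvc,Disabled,Stopped
PC-03,wuauserv,Auto,Running
PC-03,WinDefend,Disabled,Stopped
PC-04,wscsvc,Disabled,Stopped
PC-04,ERSvc,disabled,Stopped
"""

def disabled_watched_services(csv_text):
    """Return {host: sorted names of watched services set to Disabled}."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["service"].strip().lower()
        # Manual+Stopped is normal for on-demand services, so only the
        # Disabled start mode counts as a hit.
        if name in WATCHED and row["start_mode"].strip().lower() == "disabled":
            hits[row["host"].strip()].add(WATCHED[name])
    return {host: sorted(names) for host, names in hits.items()}

def suspicious_hosts(csv_text, threshold=2):
    """Hosts with at least `threshold` watched services disabled at once."""
    per_host = disabled_watched_services(csv_text)
    return {h: s for h, s in per_host.items() if len(s) >= threshold}

if __name__ == "__main__":
    for host, services in sorted(suspicious_hosts(SAMPLE_CSV).items()):
        print(f"{host}: review, disabled: {', '.join(services)}")
```

A single disabled service (PC-03 in the sample) is often an administrative choice, which is why the default threshold is two.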

 

Under what circumstances is a computer most vulnerable to the worm?

- Shared computers that use weak passwords

- Use of removable devices, such as portable hard disks and USB flash drives

- Computers with open shares

- Computers that do not have the latest security updates installed

The Conficker worm attempts to establish a large number of connections to computers on the network, looking for systems that lack the latest security updates or that have open shares, removable media or weak passwords.

 

The following is a partial list of what the Conficker worm does on a computer:

- Disables important system services and security products, such as Windows Defender, Microsoft Security Essentials or Windows Update

- Downloads arbitrary files

- Prevents you from accessing websites, including those that let you download security updates

- Shuts down many security programs while the virus runs, such as antivirus and Internet security software, and causes them to malfunction
