Panda Issues Orange Alert For Malicious Conficker Worm

[Peaches]

Panda Issues Orange Alert For Malicious Conficker Worm

Conficker is a family of worms that exploits vulnerability on Microsoft Windows in order to spread

Jan 12, 2009 | 03:26 PM

By Panda Security

DarkReading

GLENDALE, Calif., Jan. 12, 2009 - PandaLabs,

Panda Security's malware analysis and detection laboratory, today issued an orange alert warning against the malicious Conficker worm, a new family of computer worm has already infected thousands of computers worldwide. PandaLabs has located three variants of this malicious code (Conficker A, B and C).The first known infections of this worm were seen at the end of November 2008, although it was after the holiday season when a dramatic increase in its activity was observed.

This worm propagates by exploiting vulnerability MS08-067 in the Microsoft Windows server service and spreads by using specially crafted Remote Procedure Calls (RPC) to other machines. Vulnerable machines will then download a copy of the worm, making them infected as well. RPC is a protocol that permits remote code injection to a networked computer, which in this case, allows the worm creator to take control of the infected machines remotely.

The worm also propagates through USB memory devices such as USB Drives or MP3 players. Increasing the threat, this worm constantly updates, downloading new versions of itself onto infected machines and through different and changing IPs, making it difficult to block. At the same time, some variants are designed to download other malware onto an infected computer. This is an indication that the worm authors are preparing to carry out a large scale attack in the near future using the infected machines.

dark reading: http://www.darkreading.com/security/antivi...ies+and+threats