Confricker Worm Is Worse Than I Thought…

The Confricker Worm now attacks (and most likely infects):

  • Shared Computers with weak passwords (home users in workgroups)
  • Computers without the latest security updates. Go here to download all your critical Microsoft patches!
  • USB sticks and external hard drives
  • Computers with open shares (common in corporate networks)
  • Computers with weak passwords… ouch. Confricker is actually hacking weak passwords. Once it does, I’m assuming it jumps onto a share or admin share (like c$).

To prevent your computers at home or on a corporate network from becoming infected, please download and install:

http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

To remove this worm, you can run the latest Malicious Software Removal Tool (MSRT).

Confricker is detected as:

Win32/Conficker.A (CA)
W32.Downadup.B (Symantec)
Mal/Conficker-A (Sophos)
Trojan.Win32.Agent.bccs (Kaspersky)

Description Per Microsoft:

Worm:Win32/Conficker.B is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. It may also spread via removable drives and weak administrator passwords. It disables several important system services and security products.
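
A read-only host audit covering the exposure points listed above, as an added example that is not part of the original post or any Microsoft tool. The AutoRun registry check and the three service names are assumptions of this example; the post names neither.

```powershell
# Added example: read-only exposure audit for the vectors listed in the post.
# Run in an elevated Windows PowerShell session (Get-WmiObject is not in PowerShell 7).
$findings = @()

# 1. MS08-067: KB958644 is the update behind that bulletin. Get-HotFix can miss
#    fixes rolled into a later service pack, so a miss means "verify by hand".
if (-not (Get-HotFix -Id 'KB958644' -ErrorAction SilentlyContinue)) {
    $findings += 'Patch: KB958644 (MS08-067) not listed by Get-HotFix'
}

# 2. Disk shares. Type 0 is a normal share, 2147483648 an admin share (C$, ADMIN$).
$shares = Get-WmiObject -Class Win32_Share
foreach ($s in $shares) {
    if ($s.Type -eq 0 -or $s.Type -eq 2147483648) {
        $findings += "Share: $($s.Name) -> $($s.Path)"
    }
}

# 3. Enabled local accounts that may have a blank password. This flags only the
#    "no password required" case; it does not measure password strength.
$accounts = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"
foreach ($a in $accounts) {
    if (-not $a.Disabled -and -not $a.PasswordRequired) {
        $findings += "Account: $($a.Name) does not require a password"
    }
}

# 4. AutoRun policy. Assumption: AutoRun is the removable-drive mechanism to
#    close off; the post only says the worm spreads via USB sticks. 0xFF
#    disables AutoRun for every drive type.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
if (-not $policy -or $policy.NoDriveTypeAutoRun -ne 0xFF) {
    $findings += 'AutoRun: NoDriveTypeAutoRun is not 0xFF'
}

# 5. Disabled update/security services. Assumption: these three names were
#    chosen for this example; the post does not say which services are hit.
$watch = 'wuauserv', 'BITS', 'wscsvc'
$disabled = Get-WmiObject -Class Win32_Service -Filter "StartMode='Disabled'"
foreach ($svc in $disabled) {
    if ($watch -contains $svc.Name) { $findings += "Service: $($svc.Name) is disabled" }
}

if ($findings.Count -eq 0) { 'No exposure findings.' } else { $findings }
```

Every share is listed for review, since admin shares such as C$ exist by default; the point is to confirm each one is expected and protected by a strong password.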

  • http://youtube.com/AZLAN210396 AZLAN210396

    YAY. Kaspersky will detect it

  • darcjrt

    Matt do you have it??

    I want it!!

  • malwarekilla

    @darcjrt – nope, I wish.

  • Emperor Darius
  • Dvader

    Yet to see one pc over here without the 958644 patch. But blown out of proportion by the mainstream press. I have no sympathy whatsoever for admins who neglected this problem.

  • Kedstar99

    I think Avira antivir also can detect it as it states so on its site.

  • Justin

    Avast! will also detect this as Win32:Confi[Wrm] and for the most part is able to remove it via the Boot Scan option.

  • butter

    take down myspace

  • William

    I would say keep it on your virtual machine for removal tests!

  • http://youtube.com/AZLAN210396 AZLAN210396

    I read that someone on Yahoo Answers has that, and ESET NOD32 detects it and said it will remove it at reboot. So the guy rebooted. ESET said the same thing, to reboot, over and over again… He tried searching for the object but could not find it.

  • ViperBomb

    My Win XP is updated at Microsoft but I have been infected by the confricker worm. I have Avast antivirus.

    This is what you see when you are infected by the confricker worm. If you insert a USB flash drive and it does not appear as a drive (but you see a folder or an unknown file type), if this is what happens, you are infected. Also, when you turn on your PC or restart it and, before it opens, you see a chkdsk D: (it only happens if you turn off your PC illegally, but if you see this on your PC you are infected) or whenever you have a partition on your disk drive.

    It says if you are infected you cannot browse to any antivirus website, even the Microsoft website you can’t browse.
    But in my experience I can browse to any antivirus website, and I can update at Microsoft too.

    What to do is download the Microsoft Malicious Removal and download the Symantec Malicious Removal tools.

    Run the Microsoft one first, after that run the Symantec one, then restart your PC. If you didn’t find anything you’re lucky.

  • p5yk3r

    freaking noobs,
    run windows updates, ALWAYS run windows updates.
    if you didn’t pay for windows, don’t f**king run it.
    bring back the computer license i say, or submit your processing power to some botnets.

  • eric

    Yeah, but it didn’t do much D-day.

    By the way, it’s Conficker, not Confricker.

    Everyone gets the name wrong! I’ve heard:

    Conflicker
    Confricker
    Conficker <– That’s the real one

